Lucene search
K

36 matches found

CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

ERPNext 跨站脚本漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a cross-site scripting vulnerability. This vulnerability arises from users with project record editing privileges being able to persist arbitrary...

4.8CVSS5.1AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing systems such as Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that stems from users...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in sandbox network protection, which could be bypassed, allowing...

7.4CVSS5.9AI score0.00198EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

WordPress plugin OpenStreetMap 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.9 views

Discourse 安全漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a user with tag editing privileges being able to edit and create synonyms...

3.8CVSS5.8AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.9 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.3, 11.0.3, 11.2.2, and 10.10.11.0 of Mattermost Plugins contain security vulnerabilities. These...

4.3CVSS6.4AI score0.00162EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.6 views

PT-2026-22332

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.1CVSS6AI score0.00177EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/16 5:26 p.m.15 views

CVE-2026-22867

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

8.7CVSS5.7AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 7:24 p.m.4 views

CVE-2025-71164

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

5.4CVSS5.6AI score0.00194EPSS
Exploits1References1
NVD
NVD
added 2026/01/15 5:16 p.m.12 views

CVE-2026-22867

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

8.7CVSS0.0025EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3073

Name of the Vulnerable Software and Affected Versions LaSuite Doc versions 3.8.0 through 4.3.0 Description LaSuite Doc is a collaborative note taking, wiki and documentation platform. A Stored Cross-Site Scripting XSS issue exists in the Interlinking feature. When a user creates a link to another...

8.7CVSS6AI score0.0025EPSS
Exploits0References11
OSV
OSV
added 2026/01/14 6:27 p.m.7 views

CVE-2025-71164 Typesetter CMS Reflected XSS via Editing.php

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

4.8CVSS6.1AI score0.00194EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/14 6:27 p.m.5 views

EUVD-2026-2437

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

4.8CVSS5.1AI score0.00194EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2944

Name of the Vulnerable Software and Affected Versions Typesetter CMS versions up to and including 5.1 Description Typesetter CMS versions up to and including 5.1 have a reflected cross-site scripting XSS issue in the Editing component. The images parameter, submitted as images in a POST request, ...

5.4CVSS5.7AI score0.00194EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-0798

Malware in sbrugna...

2.1CVSS6.4AI score0.00309EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1669

Malicious code in bioql PyPI...

5CVSS6.4AI score0.0153EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/07/05 8:4 p.m.14 views

CVE-2025-53368

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert...

8.6CVSS5.3AI score0.00281EPSS
Exploits1References1
CVE
CVE
added 2025/07/03 7:34 p.m.33 views

CVE-2025-53368

Citizen is a MediaWiki skin. CVE-2025-53368 affects Citizen versions 1.9.4 up to, but not including, 3.4.0, where page descriptions are inserted into raw HTML without sanitization when using the legacy search bar. This enables stored XSS by any user with page editing privileges targeting other us...

8.6CVSS5.6AI score0.00281EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.11 views

PT-2025-27830 · Mediawiki · Mediawiki Citizen Skin

Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where page descriptions are inserted into raw HTML without proper sanitization when using the old search bar. This allows any user with...

8.6CVSS5.4AI score0.00281EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.6 views

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that originates from allowing any user with editing privileges to execute arbitrary remote code by adding relevant instances to their user...

9.9CVSS7.6AI score0.01057EPSS
Exploits0References7
Rows per page
Query Builder