Lucene search
K

74 matches found

RedhatCVE
RedhatCVE
added 2026/02/14 7:23 a.m.6 views

CVE-2026-1721

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS5.9AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2026/02/13 9:4 p.m.3 views

GHSA-W5CR-2QHR-JQC5 Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS6AI score
Exploits0References4
Snyk
Snyk
added 2026/02/13 9:4 p.m.3 views

Cross-site Scripting (XSS)

Overview agents is an A home for your AI agents Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is directly interpolated into an HTML script tag without proper escaping. An attacker can execute arbitrary JavaScript in th...

8.2CVSS5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/13 9:4 p.m.11 views

Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

5.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/13 3:31 a.m.4 views

GHSA-CVHV-6XM6-C3V4 Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS6AI score0.00371EPSS
Exploits0References4
NVD
NVD
added 2026/02/13 3:15 a.m.13 views

CVE-2026-1721

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS0.00371EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/13 2:55 a.m.5 views

Cross-site Scripting (XSS)

Overview agents is an A home for your AI agents Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter in the OAuth callback handler, which is directly interpolated into an HTML script tag without proper escaping. An attacker can...

8.2CVSS5.7AI score0.00371EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/13 1:46 a.m.5 views

CVE-2026-1721 Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS5.9AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2026/02/13 1:46 a.m.2 views

CVE-2026-1721 Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS6.2AI score0.00371EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/13 1:46 a.m.7 views

CVE-2026-1721

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS5.9AI score0.00371EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.9 views

PT-2026-7962

Name of the Vulnerable Software and Affected Versions AI Playground versions prior to 0.3.10 Description A Reflected Cross-Site Scripting XSS issue exists in the AI Playground's OAuth callback handler. The error description query parameter is directly interpolated into an HTML script tag without...

6.2CVSS5.8AI score0.00371EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.7 views

Cloudflare Agents 安全漏洞

Cloudflare Agents is an open-source tool developed by Cloudflare for building and deploying AI agents on Cloudflare platforms. There is a security vulnerability in Cloudflare Agents, which stems from the improper escaping of the errordescription query parameter in the OAuth callback handler of th...

6.2CVSS5.7AI score0.00371EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 4:19 a.m.6 views

Phishing Attack

Keycloak is vulnerable to a phishing attack. The vulnerability is due to unsanitized user-controlled input in the errordescription query parameter being rendered directly in trusted error pages, which allows an attacker to craft misleading URLs that display fake messages, links, or contact detail...

4.3CVSS6.9AI score0.00291EPSS
Exploits0References12Affected Software2
Hacker One
Hacker One
added 2025/11/13 10:29 p.m.18 views

Cloudflare Public Bug Bounty: AI Playground XSS to steal user-chat messages and access to connected MCP Server

A reflected XSS vulnerability was discovered in the AI Playground OAuth handler due to unescaped interpolation of the errordescription parameter into a script tag. The issue has been patched, and users of the open-source Agents SDK should upgrade to v0.3.10...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/12 3:47 a.m.17 views

CVE-2025-12021

The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS5.6AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.5 views

EUVD-2025-60951

The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS5.2AI score0.00316EPSS
Exploits0References5
NVD
NVD
added 2025/11/11 4:15 a.m.25 views

CVE-2025-12021

The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00316EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.9 views

CVE-2025-12021 WP-OAuth <= 0.4.1 - Reflected Cross-Site Scripting

The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00316EPSS
Exploits0References4
CVE
CVE
added 2025/11/11 3:30 a.m.16 views

CVE-2025-12021

CVE-2025-12021 affects the WordPress WP-OAuth plugin, with Reflected Cross-Site Scripting via the error_description parameter in all versions up to and including 0.4.1 due to insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject scripts in pages tha...

6.1CVSS5.3AI score0.00316EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46272

Name of the Vulnerable Software and Affected Versions WP-OAuth plugin for WordPress versions up to and including 0.4.1 Description The WP-OAuth plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the...

6.1CVSS6.2AI score0.00316EPSS
Exploits0References6
Rows per page
Query Builder