Lucene search
+L

190 matches found

Vulnrichment
Vulnrichment
added 2026/02/09 7:45 p.m.4 views

CVE-2026-25496 Craft has a stored XSS in Number Prefix & Suffix Fields

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping,...

4.8CVSS5.7AI score0.0036EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.7 views

CVE-2020-24582

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...

6.1CVSS6AI score0.00685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.12 views

CVE-2024-2772

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

9.8CVSS5.7AI score0.02333EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/21 12:0 a.m.3 views

WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an...

7.2CVSS5.7AI score0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 6:21 p.m.7 views

CVE-2025-13537 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

6.4CVSS5.1AI score0.00193EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.6 views

PT-2025-48221

The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00189EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/21 7:31 a.m.5 views

EUVD-2025-198387

The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.6 views

SelfBest 安全漏洞

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from insufficient cleanup and escaping of chat message input fields in the chat feature, which could lead to a stored cross-site scripting...

7.2CVSS5.9AI score0.00224EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.15 views

PT-2025-45070

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions 6.15.1.1 through 6.15.9 Description The Events Calendar plugin for WordPress is susceptible to a blind SQL injection issue. This is due to inadequate escaping of user-provided input and...

7.5CVSS7.2AI score0.16727EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-3365

Malware in sbrugna...

4.7CVSS7AI score0.01361EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11598

Malware in sbrugna...

4.8CVSS4.9AI score0.00654EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13268

Malware in sbrugna...

4.8CVSS5.5AI score0.01025EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20516

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27451

Malicious code in bioql PyPI...

10CVSS6.5AI score0.0074EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-34182

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00505EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-4761

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02589EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-47883

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00313EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.36 views

EUVD-2022-4110

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.01089EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-49892

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2023-44181

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00452EPSS
Exploits2References1
Rows per page
Query Builder