Lucene search
K

93 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15284

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS6.1AI score0.00307EPSS
Exploits0References11
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-13441 EventPrime <= 4.3.4.2 - Unauthenticated Stored Cross-Site Scripting via 'new_event_type_background_color' Parameter

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00247EPSS
Exploits0References8
NVD
NVD
added last week6 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00147EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-48953

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-48952

CVE-2026-48952 affects Joomla core, specifically the com_installer update list view. Root cause is lack of escaping, resulting in an XSS vulnerability. CVSS 4.0 base score 8.4 ( HIGH ) with network attack vector, low attack complexity, high impact to confidentiality and integrity, and low impact ...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week37 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added last week34 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-48951 Joomla! Core - [20260705] - XSS in various modalreturn layouts

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-48953 Joomla! Core - [20260707] - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-48953

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.57 views

PT-2026-51580

Name of the Vulnerable Software and Affected Versions @rtk-ai/rtk-rewrite version 1.0.0 Description The @rtk-ai/rtk-rewrite OpenClaw plugin fails to properly escape input passed to a shell-backed execSync function. While JSON.stringify is used to wrap values in double quotes, it does not neutrali...

6.3CVSS6.2AI score0.00288EPSS
Exploits1References4
CVE
CVE
added 2026/06/09 3:41 a.m.22 views

CVE-2026-8977

The WP GDPR Cookie Consent plugin for WordPress (versions up to and including 1.0.0) is vulnerable to Stored Cross-Site Scripting via the ninja_gdpr_ajax_actions AJAX action. The root cause is multi-fold: missing capability and nonce checks in handleAjaxCalls(), insufficient input sanitization of...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.12 views

CVE-2026-25901

Lack of output escaping leads to a XSS vector in the multilingual associations component...

6.9CVSS5.4AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.9 views

CVE-2026-25900

Lack of output escaping leads to a XSS vector in the feed modules...

6.9CVSS5.4AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 10:1 p.m.34 views

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

0.0037EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.13 views

CVE-2026-30894

Lack of output escaping leads to a XSS vector in the content history component...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 8:45 a.m.10 views

BIT-JOOMLA-2026-30894 Joomla! Core - [20260503] - XSS in com_contenthistory

Lack of output escaping leads to a XSS vector in the content history component...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder