CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

RedhatCVE•added 2026/04/09 7:23 p.m.•1 views

CVE-2026-35534

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...

7.6CVSS6AI score0.00038EPSS

Exploits0References1

NVD•added 2026/04/07 4:16 p.m.•0 views

CVE-2026-35534

7.6CVSS0.00038EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 3:47 p.m.•1 views

CVE-2026-35534

7.6CVSS6AI score0.00038EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/07 3:47 p.m.•1 views

CVE-2026-35534 ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection

7.6CVSS6AI score0.00038EPSS

Exploits0References1

Cvelist•added 2026/04/07 3:47 p.m.•12 views

CVE-2026-35534 ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection

7.6CVSS0.00038EPSS

Exploits0References1

CVE•added 2026/04/07 3:47 p.m.•4 views

CVE-2026-35534

ChurchCRM prior to version 7.1.0 is vulnerable to a stored cross-site scripting (XSS) in PersonView.php due to improper use of sanitizeText() as an output sanitizer for HTML attribute context. The function strips tags but does not escape quote characters, enabling an attacker with the EditRecords...

7.6CVSS6AI score0.00038EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/07 3:47 p.m.•0 views

EUVD-2026-19718

7.6CVSS6AI score0.00038EPSS

Exploits0References1

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-30887

7.6CVSS6AI score0.00038EPSS

Exploits0References2

Prion•added 2023/01/19 6:15 p.m.•13 views

Cross site scripting

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

4.9CVSS5.4AI score0.00361EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/01/19 5:2 p.m.•15 views

CVE-2022-47195

9CVSS5.6AI score0.00361EPSS

Exploits1References1

Positive Technologies•added 2023/01/19 12:0 a.m.•2 views

PT-2023-15234 · Ghost Foundation · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4 Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary Javascript in posts. This enables privilege escalation to...

9CVSS7.1AI score0.00361EPSS

Exploits1References7

CNNVD•added 2023/01/19 12:0 a.m.•2 views

Ghost Foundation Ghost 跨站脚本漏洞

Ghost Foundation Ghost is a Ghost open source personal blogging system written in JavaScript. A security vulnerability exists in Ghost Foundation Ghost 5.9.4, which stems from an insecure default vulnerability in the post creation feature of Ghost Foundation Ghost 5.9.4. The default installation ...

9CVSS7.4AI score0.00361EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by