450 matches found

Positive Technologies
added 2025/09/24 12:00 a.m.

PT-2025-39244

Name of the Vulnerable Software and Affected Versions: Schema & Structured Data for WP & AMP versions prior to 1.50. Description: The software does not properly handle HTML tag attribute modifications, which allows unauthenticated attackers to conduct Stored Cross-Site Scripting (XSS) attacks via...

CVSS 6.1 · AI score 5 · EPSS 0.00197 · Exploits 0 · References 7
Snyk
added 2025/09/22 3:40 p.m.

Cross-site Scripting (XSS)

Overview: ammonia is a whitelist-based HTML sanitization library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the cleaning process when handling embedded svg or math tags. An attacker can execute arbitrary scripts in the context of the affected application by...

CVSS 6.3 · AI score 5.5 · Exploits 0 · References 3
RedhatCVE
added 2025/09/11 8:27 p.m.

CVE-2025-34175

In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...

CVSS 5.1 · AI score 6.3 · EPSS 0.14775 · Exploits 0 · References 1
CNNVD
added 2025/09/09 12:00 a.m.

Netgate pfSense CE security vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the policyname parameter not being cleaned of...

CVSS 5.4 · AI score 5.8 · EPSS 0.00793 · Exploits 0 · References 4
Tenable Nessus
added 2025/08/21 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2024-53986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of...

CVSS 6.1 · AI score 5.8 · EPSS 0.00462 · Exploits 0 · References 2
ATTACKERKB
added 2025/06/23 3:15 p.m.

CVE-2025-48700

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

CVSS 6.1 · AI score 6.1 · EPSS 0.01761 · Exploits 0 · References 4
NVD
added 2025/06/23 3:15 p.m.

CVE-2025-48700

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

CVSS 6.1 · EPSS 0.01761 · Exploits 0 · References 4
Positive Technologies
added 2025/06/23 12:00 a.m.

PT-2025-26606

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions 8.8.15, 9.0, 10.0 and 10.1. Description: A Cross-Site Scripting (XSS) issue exists in the Zimbra Classic UI due to insufficient sanitization of HTML content. This allows attackers to execute arbitrary JavaScript...

CVSS 6.4 · AI score 7.7 · EPSS 0.01761 · Exploits 0 · References 25
OSV
added 2025/06/09 9:50 p.m.

CLSA-2025-1749505823 gcc: Fix of CVE-2020-11023

CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code...

CVSS 6.9 · AI score 6.9 · EPSS 0.8383 · Exploits 6 · References 1
NVD
added 2025/06/04 8:15 p.m.

CVE-2025-32015

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the srcdoc attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<iframe srcdoc>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and...

CVSS 6.7 · EPSS 0.00387 · Exploits 1 · References 2
OSV
added 2025/06/04 7:59 p.m.

CVE-2025-32015 FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc>

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the srcdoc attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<iframe srcdoc>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and...

CVSS 6.7 · AI score 6.6 · EPSS 0.00387 · Exploits 1 · References 4
CVE
added 2025/06/04 7:59 p.m.

CVE-2025-32015

FreshRSS before version 1.26.2 is affected by an XSS in the iframe srcdoc sanitization, allowing an attacker to load UserJS via a script src if they control a victim feed and have a user account. The attacker could access the victim’s account; if the victim is an admin, they could delete users or...

CVSS 6.7 · AI score 6.6 · EPSS 0.00387 · Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2025/06/04 12:00 a.m.

PT-2025-23853 · Freshrss · Freshrss

Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.26.2. Description: The issue is related to improper HTML sanitization inside the srcdoc attribute, leading to cross-site scripting (XSS) by loading an attacker's UserJS inside `<iframe srcdoc>`. To execute the attack, the attacker needs to...

CVSS 6.7 · AI score 6.2 · EPSS 0.00387 · Exploits 1 · References 7
OSV
added 2025/05/31 5:57 a.m.

BIT-MOODLE-2024-34006 moodle: unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

CVSS 4.3 · AI score 6.4 · EPSS 0.00353 · Exploits 0 · References 2
RedhatCVE
added 2025/05/23 10:46 a.m.

CVE-2024-20462

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML conte...

CVSS 5.5 · AI score 6.5 · EPSS 0.00157 · Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:43 a.m.

CVE-2024-23635

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

CVSS 6.1 · AI score 5.7 · EPSS 0.00368 · Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:32 a.m.

CVE-2024-50582

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...

CVSS 5.4 · AI score 5.7 · EPSS 0.00292 · Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:07 a.m.

CVE-2024-45031

When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser whe...

CVSS 6.1 · AI score 5.8 · EPSS 0.0061 · Exploits 0 · References 1
RedhatCVE
added 2025/05/23 6:37 a.m.

CVE-2024-56510

@marp-team/marp-core is the core for Marp, the ecosystem for writing presentations in plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0 is vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVSS 5.3 · AI score 5.3 · EPSS 0.00307 · Exploits 0 · References 1
RedhatCVE
added 2025/05/23 4:36 a.m.

CVE-2023-41167

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...

CVSS 4.8 · AI score 5.8 · EPSS 0.0034 · Exploits 0 · References 1