
536 matches found

RedhatCVE
added 2024/09/17 8:44 p.m. · 30 views

CVE-2024-45812

A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or i...

6.4 CVSS · 5.5 AI score · 0.00256 EPSS
Exploits: 0 · References: 8
NVD
added 2024/09/12 9:15 a.m. · 11 views

CVE-2024-2010

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS. This issue affects V5: before 6.2...

8.8 CVSS · 0.00166 EPSS
Exploits: 0 · References: 2
OSV
added 2024/08/23 3:15 p.m. · 4 views

PYSEC-2024-180

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However,...

5.4 CVSS · 5.9 AI score · 0.00151 EPSS
Exploits: 0 · References: 2
OSV
added 2024/08/20 12:15 p.m. · 2 views

CVE-2024-41697

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

6.1 CVSS · 5.8 AI score · 0.00259 EPSS
Exploits: 0 · References: 1
NVD
added 2024/08/20 12:15 p.m. · 25 views

CVE-2024-41697

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

6.1 CVSS · 0.00259 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/08/20 11:48 a.m. · 17 views

CVE-2024-41697 Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

6.1 CVSS · 6.8 AI score · 0.00259 EPSS
Exploits: 0 · References: 1
CVE
added 2024/08/20 11:48 a.m. · 54 views

CVE-2024-41697

CVE-2024-41697 corresponds to a Basic XSS (CWE-80) vulnerability with CVSS v3.1 metrics: Network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. Exploitation status is not indicated in the provided documents; the impact is limited to con...

6.1 CVSS · 6.3 AI score · 0.00259 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/08/20 11:48 a.m. · 12 views

CVE-2024-41697 Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

6.1 CVSS · 0.00259 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/08/20 12:0 a.m. · 3 views

PT-2024-29518 · Priority · Priority

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns improper neutralization of script-related HTML tags in a web page, which is a basic cross-site scripting (XSS) problem. This can...

6.1 CVSS · 5.9 AI score · 0.00259 EPSS
Exploits: 0 · References: 5
NVD
added 2024/07/30 9:15 a.m. · 19 views

CVE-2024-41693

Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

6.1 CVSS · 0.00388 EPSS
Exploits: 0 · References: 1
OSV
added 2024/07/30 9:15 a.m. · 1 views

CVE-2024-41693

Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

6.1 CVSS · 5.8 AI score · 0.00388 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/07/30 8:28 a.m. · 17 views

CVE-2024-41693 Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

6.1 CVSS · 0.00388 EPSS
Exploits: 0 · References: 1
CVE
added 2024/07/30 8:28 a.m. · 57 views

CVE-2024-41693

Mashov (an Israeli instructional management system) has a Cross-Site Scripting (XSS) flaw: CWE-80 due to improper neutralization of script-related HTML tags in web pages. The CVE-2024-41693 entry notes a basic XSS risk with CVSSv3.1 base score 6.1 (NETWORK, UI required, no privileges, changed sco...

6.1 CVSS · 6.5 AI score · 0.00388 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Veracode
added 2024/07/25 5:17 a.m. · 12 views

Cross Site Scripting (XSS)

Sentry is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to lack of input sanitization for payloads sent from Integration platform integrations, which allows arbitrary HTML tags to be stored and rendered on the Issues page...

7.1 CVSS · 6.1 AI score · 0.04185 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/07/22 12:30 p.m. · 4 views

GHSA-8PXV-X6JQ-5VW9 Apache Syncope Improper Input Validation vulnerability

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing "Personal Information" or "User Requests". Users are recommended to upgrade to...

7.1 CVSS · 5.8 AI score · 0.05963 EPSS
Exploits: 0 · References: 6
OSV
added 2024/07/22 10:15 a.m. · 21 views

CVE-2024-38503

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to...

5.4 CVSS · 5.4 AI score · 0.05963 EPSS
Exploits: 0 · References: 3
NVD
added 2024/07/22 10:15 a.m. · 11 views

CVE-2024-38503

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to...

5.4 CVSS · 0.05963 EPSS
Exploits: 0 · References: 3
CVE
added 2024/07/22 9:46 a.m. · 67 views

CVE-2024-38503

Apache Syncope HTML-injection vulnerability (CVE-2024-38503) affects the Syncope Console and Enduser UI, where HTML tags can be injected into text fields during edits of users, groups, or other objects, potentially enabling exploits. The issue is documented across multiple sources (NVD, CNVD, Ver...

5.4 CVSS · 6.3 AI score · 0.05963 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/07/10 7:49 p.m. · 21 views

CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection

CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...

8.1 CVSS · 5.8 AI score · 0.00965 EPSS
Exploits: 1 · References: 1
CVE
added 2024/06/28 11:29 a.m. · 63 views

CVE-2024-5737

CVE-2024-5737 affects the AdmirorFrames Joomla! extension. Red Hat entries confirm the issue resides in afGdStream.php, which does not set a Content-Type, causing a default text/html to be used. An attacker may embed HTML in image data, which will be rendered by a webpage as HTML. The vulnerabili...

6.3 CVSS · 6.3 AI score · 0.16107 EPSS
Exploits: 2 · References: 5 · Affected Software: 1