Lucene search
K

15837 matches found

Nuclei
Nuclei
added 11 hours ago27 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS6.2AI score0.08732EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago13 views

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

6.1CVSS6.8AI score0.01843EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago39 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.5AI score0.02482EPSS
Exploits1References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-43236

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS6.2AI score
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-41877

CVE-2026-41877 affects R-SOFT DMS. It is a Stored XSS in the file upload functionality: an authenticated attacker could inject arbitrary HTML/JS into the uploaded file’s name, which would be executed when other users view the file list or upload status. The issue has been fixed in version v3.19-2...

5.1CVSS6.2AI score0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-59855

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...

8.6CVSS6AI score0.00305EPSS
Exploits0References4Affected Software1
CVE
CVE
added 4 days ago7 views

CVE-2026-31981

A stored HTML injection vulnerability affects the Diagram tab and Graph view of Guardian/CMC (N2OS) prior to 26.2.0. An authenticated administrator can inject HTML into configuration data via multiple input vectors; when viewed by others, the HTML may render and enable phishing or open redirects....

5.9CVSS6AI score0.00142EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42456

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00139EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-56283 Capgo - HTML Injection Leading to Open Redirection in Organization Settings

Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and...

5.4CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42252

Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and...

5.4CVSS6AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 5 days ago12 views

CVE-2026-55437

CVE-2026-55437 affects Coder: prior to 2.29.17, 2.32.7, 2.33.8, and 2.34.2, AgentLogLine uses ansi-to-html without escapeXML: true and injects via dangerouslySetInnerHTML, enabling stored HTML injection in workspace agent logs. Exploitation requires a user with workspace-owner access to view atta...

5.4CVSS6AI score0.00316EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 5 days ago40 views

CVE-2026-55437 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42150

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS6AI score0.00316EPSS
Exploits0References6
FreeBSD
FreeBSD
added 5 days ago3 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts GitLab EE HTML Injection in wiki markup rendering impacts GitLab CE/EE Insufficiently Protected Credentials issue in repository mirroring impacts GitLab EE Improper Access Control issue in work items impac...

8.7CVSS5.9AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

5.4CVSS0.00141EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-55647

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS6AI score0.00269EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 6 days ago7 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41954

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago24 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

0.00141EPSS
Exploits0References2
NOZOMI
NOZOMI
added 6 days ago5 views

HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

Summary A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. Impact An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data throug...

5.9CVSS5.9AI score0.00142EPSS
Exploits0Affected Software2
Rows per page
Query Builder