Lucene search
K

252 matches found

NVD
NVD
added yesterday3 views

CVE-2026-47995

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

8.1CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

8.7CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-47994). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page contai...

8.7CVSS6.1AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55518

Name of the Vulnerable Software and Affected Versions GenerateBlocks versions prior to 2.2.2 Description The GenerateBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-lev...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References13
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.6 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

8.8CVSS7.8AI score0.00184EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 4:48 p.m.31 views

CVE-2026-47948 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 4:48 p.m.23 views

CVE-2026-47966

Summary of CVE-2026-47966 : Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. When victims vis...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:48 p.m.36 views

CVE-2026-47973 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47259

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

8CVSS5.2AI score0.00302EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS5.6AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.14 views

CVE-2026-46363

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...

5.4CVSS5.7AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin WPBakery Page Builder Addons by Livemesh 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 1:25 a.m.15 views

EUVD-2026-31028

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.9 views

CVE-2026-8420

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42077

Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42078

Name of the Vulnerable Software and Affected Versions BLOGCHAT Chat System versions prior to 1.3.6.4 Description The BLOGCHAT Chat System plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs due to missing or incorrect nonce validation—a security token used to ensure...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References12
EUVD
EUVD
added 2026/05/15 6:36 p.m.10 views

EUVD-2021-34815

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 10:16 a.m.49 views

CVE-2026-25787

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3CVSS0.0037EPSS
Exploits0References1
Rows per page
Query Builder