Lucene search
K

98 matches found

Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.7 views

PT-2025-24166 · Unknown · Melipayamak

Name of the Vulnerable Software and Affected Versions: Melipayamak versions through 2.2.12 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions throug...

5.9CVSS5.4AI score0.00212EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/05/27 7:1 a.m.8 views

CVE-2024-38866

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection...

7.5CVSS5.2AI score0.00316EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 11:35 a.m.9 views

CVE-2025-22827

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in joomag WP Joomag wp-joomag allows DOM-Based XSS.This issue affects WP Joomag: from n/a through = 2.5.2...

6.5CVSS7.2AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:10 a.m.6 views

CVE-2024-54348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yaycommerce Brand brand allows Stored XSS.This issue affects Brand: from n/a through = 1.1.6...

6.5CVSS7.2AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.10 views

CVE-2022-3540

An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses...

6.5CVSS6.6AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.5 views

CVE-2021-24554

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue...

7.2CVSS7.3AI score0.05691EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.10 views

CVE-2020-5792

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user...

7.2CVSS7.2AI score0.60966EPSS
Exploits4References1
NVD
NVD
added 2025/05/07 3:16 p.m.11 views

CVE-2025-47677

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Stored XSS.This issue affects Photo Gallery: from n/a through = 2.7.7.25...

6.5CVSS0.00169EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:16 p.m.16 views

CVE-2025-47495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blockspare Blockspare blockspare allows Stored XSS.This issue affects Blockspare: from n/a through = 3.2.9...

6.5CVSS0.00209EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/05/06 9:58 a.m.63 views

USN-7486-1: FastCGI vulnerability

It was discovered that FastCGI incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.3CVSS8AI score0.00566EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/05/02 9:46 p.m.6 views

CVE-2025-21572

OpenGrok 1.13.25 has a reflected Cross-Site Scripting XSS issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output...

6.1CVSS6AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/29 4:34 a.m.10 views

CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...

6.9CVSS5.8AI score0.00292EPSS
Exploits1References2
CVE
CVE
added 2025/04/29 4:34 a.m.70 views

CVE-2025-46338

Audiobookshelf (self-hosted audiobook/podcast server) has a known XSS vulnerability in /api/upload (via the libraryId field) in versions prior to 2.21.0. The issue stems from improper input handling; unsanitized input is reflected in the server error message, enabling arbitrary JavaScript executi...

6.9CVSS5.8AI score0.00292EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/04/22 10:15 a.m.2 views

CVE-2025-46238

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/19 6:0 a.m.17 views

CVE-2024-13926 WP-Syntax <= 1.2 - Author+ Potential ReDoS

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...

0.0044EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/10 12:58 p.m.8 views

CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4CVSS6AI score0.00265EPSS
Exploits0References3
NVD
NVD
added 2025/04/01 3:16 p.m.3 views

CVE-2025-31738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yazamodeveloper LeadQuizzes leadquizzes allows Stored XSS.This issue affects LeadQuizzes: from n/a through = 1.1.0...

6.5CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 2:24 p.m.48 views

CVE-2025-23542

CVE-2025-23542 is a reflected XSS in the WordPress plugin RDP Linkedin Login (vendor: WordPress plugin, affected: versions up to 1.7.0). The NVD/Red Hat and CVE enrichment confirm the flaw stems from improper input neutralization during web page generation, enabling reflected XSS. CVSSv3.1 base s...

7.1CVSS7.2AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2025/02/14 1:15 p.m.5 views

CVE-2025-23647

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ariagle WP-Clap wp-clap allows Reflected XSS.This issue affects WP-Clap: from n/a through = 1.5...

7.1CVSS0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/04 7:21 a.m.20 views

CVE-2025-22205 Extension - admiror-design-studio.com - Path traversal in the Admiror Gallery 4.x component for Joomla

Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x...

0.00493EPSS
Exploits0References1
Rows per page
Query Builder