Lucene search
K

98 matches found

CNNVD
CNNVD
added 2026/06/03 12:0 a.m.7 views

Canarytokens 安全漏洞

Canarytokens is a network activity tracking system open-source by Thinkst Applied Research. There is a security vulnerability in Canarytokens, which stems from HTML injection in notification emails. This vulnerability may lead to interface manipulation and cross-site scripting attacks...

2.1CVSS4.9AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 9:48 a.m.9 views

CVE-2025-6024

CVE-2025-6024 affects multiple WSO2 products, where the authentication endpoint fails to encode user-supplied input before rendering, enabling a Cross-Site Scripting (XSS) vector in the authentication flow. The vulnerability arises from improper input encoding at the end-user page, allowing an at...

6.1CVSS5.7AI score0.0023EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 9:48 a.m.3 views

CVE-2025-6024 Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS5.7AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33305

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS5.7AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/06 5:20 p.m.8 views

EUVD-2026-19390

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...

5.4CVSS6.1AI score0.00173EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 7:34 a.m.4 views

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/03/18 7:34 a.m.17 views

CVE-2026-22322

CVE-2026-22322 describes a stored XSS in the Link Aggregation configuration interface. An unauthenticated attacker can create a trunk entry containing malicious HTML/JavaScript; when the affected page is viewed, the script executes in the victim’s browser, enabling unauthorized interface manipula...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.4 views

PT-2026-26038

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7638

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

5.8AI score0.0023EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-67849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject...

7.3CVSS5.2AI score0.00232EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.10 views

Moodle Cross-site Scripting (XSS) vulnerability

A flaw was found in Moodle. This Cross-site Scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS5.4AI score0.00232EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/02/03 11:15 a.m.10 views

CVE-2025-67849

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 10:52 a.m.7 views

CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS5.8AI score0.00232EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/03 10:52 a.m.8 views

EUVD-2025-206737

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS5AI score0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 10:52 a.m.31 views

CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Moodle 安全漏洞

Moodle is an open-source e-learning software platform developed by Moodle Foundation. It is also known as a course management system, learning management system, or virtual learning environment. Moodle has security vulnerabilities, which stem from improper handling of AI responses. These...

7.3CVSS5.5AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6806

Malicious code in bioql PyPI...

9CVSS6.6AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-46855

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00376EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-22741

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00335EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22740

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00342EPSS
Exploits0References1
Rows per page
Query Builder