Lucene search
+L

5171 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-45031

remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported...

7.1CVSS6.2AI score
Exploits0References4
Nuclei
Nuclei
added yesterday138 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS6AI score0.00848EPSS
Exploits2References1
Nuclei
Nuclei
added yesterday70 views

XWiki >= 3.4-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.4AI score0.02182EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday21 views

KodExplorer - Cross-Site Scripting

KodExplorer is susceptible to a reflected cross-site scripting XSS vulnerability in the file view functionality.The vulnerability exists in app/template/api/view.html where user-supplied input in the 'path' parameter is directly echoed without proper sanitization.This allows attackers to inject...

6.1CVSS6.4AI score0.00705EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-12869

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action it allows any editposts user, so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide,...

6.1CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-12869

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action it allows any editposts user, so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide,...

6.1CVSS6.1AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-44878

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action it allows any editposts user, so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide,...

6.1CVSS6.1AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-44752

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS0.00263EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 3 days ago20 views

CVE-2026-44752

CVE-2026-44752 affects SAP NetWeaver Application Server Java (often noted with the Configuration Wizard). The vulnerability is a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can inject malicious JavaScript through crafted URLs. When a victim loads such a URL, the script runs...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-58500

MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In versions prior to 1.85.10, the createLocatorGeneratorUI function interpolates attacker-controlled element attributes — text, content-desc, resource-id, and locator selector...

8.2CVSS0.00276EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43270

Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

6.1CVSS6.2AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15552 Ragic|Enterprise Cloud Database - Stored Cross-Site Scripting

Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

6.1CVSS0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-57883

Name of the Vulnerable Software and Affected Versions MCP Appium versions prior to 1.85.10 Description The createLocatorGeneratorUI function fails to escape HTML or JavaScript context when interpolating element attributes—specifically text, content-desc, resource-id, and locator selector...

8.2CVSS6.2AI score0.00276EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57559

Name of the Vulnerable Software and Affected Versions luci-app-upnp affected versions not specified Description Stored cross-site scripting occurs when unauthenticated LAN clients inject JavaScript through UPnP IGD AddPortMapping SOAP requests. The issue arises because the NewPortMappingDescripti...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References6
Cvelist
Cvelist
added last week30 views

CVE-2026-41877 Stored XSS in R-SOFT DMS

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 10:17 p.m.8 views

CVE-2026-55424

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content...

7.4CVSS0.0027EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:1 p.m.5 views

CVE-2026-55424

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content...

7.4CVSS6AI score0.0027EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2026/07/09 5:16 p.m.8 views

CVE-2026-13461

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...

9.6CVSS0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 5:8 p.m.35 views

CVE-2026-13461 PayRange version 7.0.7 contains a JavaScript injection vulnerability

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...

0.0034EPSS
Exploits0References2
Rows per page
Query Builder