Lucene search
K

5968 matches found

RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-14284

A flaw was found in @tiptap/extension-link. This vulnerability allows an attacker to execute arbitrary JavaScript JS code via unsanitized user input when setting or toggling links, by injecting a javascript: Uniform Resource Locator URL payload. Mitigation Mitigation for this issue is either not...

6.1CVSS6.8AI score0.00302EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51981

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists in the file upload process within the bookmark and asset rendering pipeline. An attacker can upload a malicious SVG file containing JavaScript code. When an authenticated administrator...

8.2CVSS6.3AI score0.00256EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/15 9:44 p.m.3 views

Cross-site Scripting (XSS)

Overview org.lucee:core is a coer build of Lucee Affected versions of this package are vulnerable to Cross-site Scripting XSS via the admin interface parameters. An attacker can execute arbitrary JavaScript in a victim's browser session by injecting malicious scripts through crafted requests to...

4.8CVSS5.4AI score0.00311EPSS
Exploits0References2
OSV
OSV
added 2025/12/15 2:15 p.m.6 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

8.1CVSS7AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.2 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

6.7AI score0.00317EPSS
Exploits0References4
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0494065)

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

9.3CVSS5.8AI score0.00698EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00679)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.27 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

0.00317EPSS
Exploits0References4
CVE
CVE
added 2025/12/15 12:0 a.m.13 views

CVE-2025-65778

CVE-2025-65778 affects Wekan (The Open Source Kanban Board) up to version 18.15; fixed in 18.16. Vulnerability arises when uploaded attachments are served with attacker-controlled Content-Type (text/html), permitting execution of attacker-supplied HTML/JS within the application's origin and enabl...

8.1CVSS6.7AI score0.00317EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 8:41 p.m.8 views

CVE-2025-67750

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS7.1AI score0.00166EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:54 a.m.10 views

Cross-site Scripting (XSS)

prosemirrortohtml is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of HTML attribute values, which allows an attacker to inject and execute arbitrary JavaScript code through crafted input...

7.6CVSS6.1AI score0.00192EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 7:39 a.m.9 views

Code Injection

Open WebUI is vulnerable to a code injection vulnerability. The vulnerability is due to improper handling of Server-Sent Event SSE execute events in the Direct Connections feature, which allows an attacker controlling a malicious external model server to inject and execute arbitrary JavaScript in...

8CVSS6.3AI score0.07767EPSS
Exploits1References3Affected Software2
Veracode
Veracode
added 2025/12/13 6:46 a.m.8 views

Self Cross-Site Scripting (Self-XSS)

privatebin/privatebin is vulnerable to self cross-site scripting Self-XSS. The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...

5.4CVSS5.8AI score0.00107EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.8 views

PT-2025-51099

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

8.5CVSS5.6AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 9:15 p.m.3 views

CVE-2025-67750

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS0.00166EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 9:15 p.m.4 views

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

6.1CVSS5.6AI score0.00159EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 8:36 p.m.10 views

CVE-2025-67634

CVE-2025-67634 concerns the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which is affected by cross-site scripting via text fields when a user imports a crafted JSON file. The JavaScript could load into the page and execute in the user’s browser upon submission ...

6.1CVSS5.8AI score0.00159EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/12 8:36 p.m.5 views

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

4.6CVSS5.8AI score0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 8:14 p.m.18 views

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS0.00166EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 8:14 p.m.5 views

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS7AI score0.00166EPSS
Exploits0References5
Rows per page
Query Builder