Lucene search
K

895 matches found

EUVD
EUVD
added 2026/02/15 1:58 p.m.5 views

EUVD-2019-19421

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpnipsecsettings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execu...

6.1CVSS5.8AI score0.00319EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:5 a.m.3 views

CVE-2025-13649

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...

5.1CVSS5.7AI score0.00227EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.10 views

PT-2026-7507

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is required who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the...

4.8CVSS5.7AI score0.00227EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/06 7:7 a.m.14 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting XSS vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

8.2CVSS5.6AI score0.00422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5823

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

7.2CVSS5.7AI score0.00234EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/26 5:42 p.m.2 views

CVE-2020-36954

Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded...

6.4CVSS6.1AI score0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 12:5 a.m.23 views

CVE-2026-24399

ChatterMate (no-code AI chatbot framework) is vulnerable in versions 1.0.8 and earlier due to input-processed HTML/JavaScript payloads. An iframe payload containing a javascript: URI can be processed in the browser context, allowing access to client-side data (localStorage tokens, cookies) and re...

9.3CVSS5.4AI score0.00302EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2026/01/22 3:58 p.m.151 views

FlaskRCE

FlaskRCE PoC --- Technical Write‑Up Repository: https://g...

6AI score
Exploits0
OSV
OSV
added 2026/01/16 7:16 p.m.4 views

CVE-2021-47839

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...

5.1CVSS6AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/16 2:20 a.m.5 views

CVE-2025-70890

A stored cross-site scripting XSS vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the...

6.1CVSS5.8AI score0.00216EPSS
Exploits2References1
OSV
OSV
added 2026/01/15 9:16 p.m.5 views

CVE-2025-70890

A stored cross-site scripting XSS vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the...

6.1CVSS5.8AI score0.00216EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/01/15 12:0 a.m.2 views

CVE-2025-70891

A stored cross-site scripting XSS vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated...

6.1CVSS5.4AI score0.00216EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3114

Name of the Vulnerable Software and Affected Versions Cyber Cafe Management System version 1.0 Description A stored cross-site scripting XSS issue exists. An authenticated attacker can inject arbitrary JavaScript code into the username parameter through the ''/add-users.php'' endpoint. The inject...

6.1CVSS5.9AI score0.00216EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.10 views

CVE-2022-37028

ISAMS 22.2.3.2 is prone to stored Cross-site Scripting XSS attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application...

5.4CVSS5.8AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.8 views

CVE-2022-26497

BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously...

5.4CVSS6.7AI score0.008EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.7 views

CVE-2019-11199

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low...

5.4CVSS6AI score0.01041EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.22 views

CVE-2024-34241

A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

4.8CVSS5.5AI score0.00762EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.5 views

CVE-2023-4564

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...

4.8CVSS6.7AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.6 views

CVE-2022-35950

OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...

6.9CVSS6.6AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.12 views

CVE-2022-27238

BigBlueButton version 2.4.7 or earlier is vulnerable to stored Cross-Site Scripting XSS in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to t...

5.4CVSS5.5AI score0.00418EPSS
Exploits0References1
Rows per page
Query Builder