
125 matches found

RedhatCVE
added 2 days ago · 6 views

CVE-2026-53606

A flaw was found in sanitize-html, an HTML sanitizer library. This vulnerability allows a remote attacker to perform Cross-Site Scripting XSS attacks. The issue occurs because the sanitizer does not properly validate dangerous URI schemes, such as javascript:, when they are used in certain HTML...

5.4 CVSS · 5.8 AI score · 0.00136 EPSS
Exploits 0 · References 4
NVD
added 3 days ago · 8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1 CVSS · 0.0031 EPSS
Exploits 0 · References 4
RedHat Linux
added last week · 5 views

keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3 CVSS · 6.5 AI score · 0.00422 EPSS
Exploits 0 · References 4
NVD
added last week · 8 views

CVE-2026-9086

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3 CVSS · 0.00422 EPSS
Exploits 0 · References 7
EUVD
added last week · 5 views

EUVD-2026-39473

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3 CVSS · 6.5 AI score · 0.00422 EPSS
Exploits 0 · References 4
Vulnrichment
added last week · 5 views

CVE-2026-9086 Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3 CVSS · 6.5 AI score · 0.00422 EPSS
Exploits 0 · References 6
CVE
added last week · 15 views

CVE-2026-9086

Keycloak contains a cross-site scripting vulnerability (CVE-2026-9086) where an attacker with manage-client or client-registration access can bypass URI validation by registering a malicious redirect URI using a case-insensitive javascript: or data: scheme. This allows arbitrary code execution in...

7.3 CVSS · 6.5 AI score · 0.00422 EPSS
Exploits 0 · References 7 · Affected Software 1
Positive Technologies
added 2026/06/25 12:0 a.m. · 7 views

PT-2026-52506

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: An issue exists where a remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, can bypass client Uniform...

7.3 CVSS · 6.5 AI score · 0.00422 EPSS
Exploits 0 · References 8
Github Security Blog
added 2026/06/22 11:58 p.m. · 7 views

Gogs has Stored XSS in `.ipynb` Preview

Summary Although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can ...

8.9 CVSS · 5.8 AI score · 0.00429 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2026/06/19 12:0 a.m. · 16 views

PT-2026-51122

Name of the Vulnerable Software and Affected Versions: Symfony UX Icons, affected versions not specified. Description: The ux icon Twig function is marked as safe for HTML, which prevents Twig from escaping its output. The Icon::toHtml function inlines SVG source code directly into the page. Because...

6.1 CVSS · 5.5 AI score
Exploits 0 · References 6
Vulnrichment
added 2026/06/12 8:43 p.m. · 10 views

CVE-2026-45011 Apostrophe has stored XSS via javascript: URL in Image Widget Link

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3 CVSS · 5.2 AI score · 0.00211 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/06/12 1:44 p.m. · 8 views

CVE-2026-53722 Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, `<NuxtLink>` did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

5.1 CVSS · 4.8 AI score · 0.00198 EPSS
Exploits 0 · References 3
CVE
added 2026/06/12 1:44 p.m. · 22 views

CVE-2026-53722

CVE-2026-53722 affects Nuxt.js prior to versions 3.21.7 and 4.4.7, where `<NuxtLink>` did not validate URL schemes bound to its to or href props before rendering. Attacker-controlled input (query parameters, CMS fields, or user URLs) can be reflected into the href attribute, enabling reflected DOM-based XSS via ja...

5.4 CVSS · 4.8 AI score · 0.00198 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2026/06/08 1:16 p.m. · 8 views

UBUNTU-CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5 CVSS · 5.2 AI score · 0.00136 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/06/08 12:5 p.m. · 8 views

CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5 CVSS · 5.2 AI score · 0.00136 EPSS
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2026/06/08 12:5 p.m. · 8 views

EUVD-2026-35061

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5 CVSS · 5.2 AI score · 0.00136 EPSS
Exploits 0 · References 1
CVE
added 2026/06/08 12:5 p.m. · 32 views

CVE-2026-7186

CVE-2026-7186 describes a stored cross-site scripting flaw in the Dashboard URL widget of Checkmk for versions <2.5.0p5, <2.4.0p31,

8.5 CVSS · 5.2 AI score · 0.00136 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2026/06/08 12:5 p.m. · 41 views

CVE-2026-7186 Fix stored XSS in URL dashboard widget via dangerous URI schemes

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5 CVSS · 0.00136 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/06/08 12:0 a.m. · 10 views

PT-2026-47284

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5 CVSS · 5.2 AI score · 0.00136 EPSS
Exploits 0 · References 2
CNNVD
added 2026/06/08 12:0 a.m. · 10 views

Checkmk cross-site scripting vulnerability

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions contain a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability within the URL...

8.5 CVSS · 5.1 AI score · 0.00136 EPSS
Exploits 0 · References 2