Lucene search
K

52 matches found

Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.6 views

PT-2025-48961

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions 9.2.10 through 9.4.6 Splunk Enterprise versions 9.3.8 Splunk Secure Gateway app versions below 3.7.28 Splunk Secure Gateway app versions 3.8.58 and below Splunk Secure Gatew...

6.5CVSS6.2AI score0.00371EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.5 views

Splunk Enterprise 9.2 < 9.2.10, 9.3 < 9.3.8, 9.4 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1208)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1208 advisory. - In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the...

6.5CVSS6AI score0.00371EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-11252

Malware in sbrugna...

5.4CVSS5.5AI score0.0076EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11251

Malware in sbrugna...

5.4CVSS5.5AI score0.00792EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:21 a.m.6 views

CVE-2024-44771

BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting XSS via the "Label" field in the Report template function...

6.1CVSS6AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.8 views

CVE-2023-47095

A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

5.4CVSS5.5AI score0.00441EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.13 views

CVE-2021-24339

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...

5.4CVSS5.7AI score0.0076EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:16 a.m.3 views

CVE-2014-3841

Cross-site scripting XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information...

4.3CVSS6AI score0.01948EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/11 2:41 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the field label or handle during the import process from JSON. An attacker can execute arbitrary scripts in the context of the interface by inserting malicious content into these fields. Note: This is only...

6.1CVSS5.6AI score0.002EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/26 8:34 p.m.3 views

Improper Encoding or Escaping of Output

Overview django-tomselect is a Django autocomplete widgets and views using Tom Select Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in form widget input, including the labelfield parameter. An attacker can hide the contents between tags in code from...

3.4CVSS7.1AI score
Exploits0References3
NVD
NVD
added 2025/01/13 7:15 p.m.10 views

CVE-2024-44771

BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting XSS via the "Label" field in the Report template function...

6.1CVSS0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.4 views

BigId PrivacyPortal 安全漏洞

BigId PrivacyPortal is a data security and privacy tool from BigId, Inc. A security vulnerability exists in BigId PrivacyPortal version v179 that stems from a cross-site scripting XSS attack on the Label field in the Report Template feature...

6.1CVSS5.9AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.4 views

WordPress plugin Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

4.9CVSS6AI score0.00368EPSS
Exploits0References5
OSV
OSV
added 2023/11/06 9:15 p.m.3 views

CVE-2023-5530

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use ...

4.8CVSS5.8AI score0.0062EPSS
Exploits2References2
OSV
OSV
added 2023/11/01 12:15 a.m.7 views

CVE-2023-47095

A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

5.4CVSS5.9AI score0.00441EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/11/01 12:15 a.m.5 views

CVE-2023-47095

A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

5.4CVSS5.9AI score0.00441EPSS
Exploits1References2
NVD
NVD
added 2023/11/01 12:15 a.m.25 views

CVE-2023-47095

A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

5.4CVSS5.2AI score0.00441EPSS
Exploits1References1
Prion
Prion
added 2023/11/01 12:15 a.m.19 views

Cross site scripting

A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

4.9CVSS5.2AI score0.00441EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/10/06 12:0 a.m.4 views

PortlandLabs Concrete CMS 跨站脚本漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in the PortlandLabs Concrete CMS Custom Label field. The vulnerability stems from the lack of effective filtering and escaping...

5.4CVSS5.9AI score0.00542EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.5 views

Shoplazza LifeStyle 跨站脚本漏洞

Shoplazza LifeStyle is an e-commerce website by Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1, which stems from cross-site scripting due to incorrect manipulation of the parameters Subheading/Heading/Text/Button Text/Label...

5.4CVSS5.3AI score0.00503EPSS
Exploits0References4
Rows per page
Query Builder