Lucene search
K

18 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-42062

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/15 12:0 a.m.3 views

[20260707] - Core - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score
Exploits0Affected Software1
OSV
OSV
added 2026/03/09 7:48 p.m.8 views

GHSA-R633-FCGP-M532 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

Summary Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. Details T...

8.9CVSS6AI score0.00347EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1786

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00689EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.6 views

CVE-2024-7687

The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00172EPSS
Exploits1References1
CVE
CVE
added 2025/02/21 9:12 p.m.87 views

CVE-2025-27109

SolidJS CVE-2025-27109 describes a Cross-Site Scripting (XSS) vulnerability where user input rendered inside illegal inlined JSX fragments could be unescaped. Affected: SolidJS library with problematic JSX fragment handling. Root cause: lack of escaping in JSX fragments that allows user input to ...

7.3CVSS7.1AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/09 10:16 a.m.101 views

CVE-2024-22116 Remote code execution within ping script

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

9.9CVSS0.01603EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.6 views

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 2.0, which...

6.1CVSS6.1AI score0.01061EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/06/30 6:31 p.m.24 views

MediaWiki Cross-site Scripting vulnerability

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS6.2AI score0.00689EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/06/30 6:31 p.m.19 views

GHSA-FMRF-P77G-VV5C MediaWiki Cross-site Scripting vulnerability

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS5.8AI score0.00689EPSS
Exploits1References5
OSV
OSV
added 2023/06/30 5:15 p.m.18 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/30 12:0 a.m.15 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6AI score0.00689EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2022/09/08 12:0 a.m.20 views

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.1AI score0.00381EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/08/17 12:0 a.m.498 views

WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup With the web browser inspector, change the input...

4.8CVSS4.7AI score0.00538EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2022/06/20 11:15 a.m.5 views

CVE-2022-1829

The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

6.5CVSS6.6AI score0.00513EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/02/21 10:45 a.m.35 views

CVE-2021-25075 Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS

The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack...

4.3AI score0.01582EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/20 12:0 a.m.4 views

MartDevelopers iResturant 跨站脚本漏洞

MartDevelopers iResturant is an open source lightweight restaurant Erp from MartDevelopers Kenya, designed to integrate social restaurant operations into a single system. A cross-site scripting vulnerability exists in version 1.0 of MartDevelopers iRestaurant, which stems from a lack of filtering...

10CVSS6.9AI score0.0344EPSS
Exploits0References3
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/01/21 12:0 a.m.31 views

[20180101] - Core - XSS vulnerability in module chromes

Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system...

6.1CVSS1.8AI score0.02031EPSS
Exploits0Affected Software1
Rows per page
Query Builder