Lucene search
K

90 matches found

NVD
NVD
added last week6 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00147EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-42070

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added last week37 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-48952

CVE-2026-48952 affects Joomla core, specifically the com_installer update list view. Root cause is lack of escaping, resulting in an XSS vulnerability. CVSS 4.0 base score 8.4 ( HIGH ) with network attack vector, low attack complexity, high impact to confidentiality and integrity, and low impact ...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56225

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in the update list view of the com installer component leads to a Cross-Site Scripting XSS issue. XSS is a flaw that allows an attacker to inject malicious scripts into...

8.4CVSS6AI score0.00147EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 4:16 p.m.20 views

CVE-2026-53568

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:45 p.m.10 views

EUVD-2026-36460

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS5.1AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:45 p.m.18 views

CVE-2026-53568

Frappe stored XSS CVE-2026-53568 affects the Frappe full-stack web framework. A stored XSS vulnerability exists in the Report/List View via the set_link_title_field_value path, impacting versions prior to 15.107.2 and 16.17.4. The issue has been patched in those versions (15.107.2 and 16.17.4). P...

6.9CVSS5.2AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48917

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS5.1AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.13 views

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

3.1CVSS5.5AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.23 views

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

3.1CVSS0.00147EPSS
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/21 12:0 a.m.6 views

[20260706] - Core - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/15 4:17 a.m.4 views

CVE-2026-2396

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00221EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/15 3:39 a.m.6 views

WordPress List View Google Calendar plugin <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Event Description vulnerability discovered by Pattama Tangpoonponwiwat Kwan - - in WordPress Plugin List View Google Calendar versions = 7.4.3...

4.4CVSS5.8AI score0.00221EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

WordPress plugin List View Google Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.4CVSS5.9AI score0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:26 p.m.3 views

CVE-2026-2396

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 11:26 p.m.23 views

CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 11:26 p.m.3 views

CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00221EPSS
Exploits0References2
Rows per page
Query Builder