Lucene search
K

212 matches found

OSV
OSV
added 2025/03/10 7:28 p.m.16 views

GHSA-6HRW-X7PR-4MP8 LF Edge eKuiper allows Stored XSS in Rules Functionality

Summary Stored Cross-Site Scripting XSS vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...

5.4CVSS4.9AI score0.00313EPSS
Exploits0References11
CNVD
CNVD
added 2025/03/10 12:0 a.m.8 views

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

Cisco TelePresence Management Suite is a video server management program developed by Cisco. Cisco TelePresence Management Suite suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script or HTML code, which can be used to obtain sensitive...

5.4CVSS5.8AI score0.0024EPSS
Exploits0References1
CNVD
CNVD
added 2025/02/17 12:0 a.m.11 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-04682)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.7AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 4:15 a.m.3 views

CVE-2024-13749

The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the 'stafflist' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...

6.1CVSS7.2AI score
Exploits0References2
OSV
OSV
added 2025/02/11 6:31 p.m.5 views

GHSA-XWGX-8V72-4J5J Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS5.2AI score0.00656EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/11 5:37 p.m.10 views

CVE-2025-24413 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS5.2AI score0.00656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:28 a.m.18 views

CVE-2024-1097

A stored cross-site scripting XSS vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...

7.6CVSS5.2AI score0.00318EPSS
Exploits2References1
Veracode
Veracode
added 2025/01/24 4:9 a.m.7 views

Stored Cross-site Scripting (XSS)

librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper input sanitization of the state parameter in ajaxform.php, which allows an attacker to inject malicious scripts that execute when a user views or interacts with the affected page...

5.4CVSS5.9AI score0.30854EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/01/17 2:46 a.m.7 views

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input sanitization in the First Name and Last Name parameters, allows untrusted data to be executed as code, enabling the attacker to inject malicious scripts into the application...

4.7CVSS6.5AI score0.0109EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2025/01/15 11:5 a.m.15 views

CVE-2025-0193 Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

A stored Cross-site Scripting XSS vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can exploit this vulnerability...

5.2CVSS0.00287EPSS
Exploits0References1
NVD
NVD
added 2025/01/13 9:15 p.m.28 views

CVE-2025-22616

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the dependenteparentescoadicionar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicio...

6.4CVSS0.00273EPSS
Exploits1References2
OSV
OSV
added 2025/01/13 8:54 p.m.17 views

CVE-2025-22616 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_parentesco_adicionar.php' parameter 'descricao'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the dependenteparentescoadicionar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicio...

6.4CVSS5.3AI score0.00273EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/01/13 8:50 p.m.41 views

CVE-2025-22618 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'adicionar_cargo.php' parameter 'cargo'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarcargo.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...

6.4CVSS0.00319EPSS
Exploits1References2
CVE
CVE
added 2025/01/09 12:0 a.m.54 views

CVE-2024-56377

CVE-2024-56377 describes a stored cross-site scripting (XSS) vulnerability in REDCap 14.9.6 related to survey titles and survey instructions. The issue allows authenticated users to inject malicious scripts into the Survey Title field, and the payload can execute when a user interacts with the su...

5.4CVSS5.7AI score0.00386EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2025/01/08 8:36 a.m.12 views

Cross-Site Scripting (XSS)

tecnickcom/tcpdf is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the Error function lacking an htmlspecialchars call for the error message, which allows an attacker to inject malicious scripts into the error message...

7.5CVSS6.6AI score0.00717EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2025/01/07 4:21 a.m.14 views

CVE-2024-12049 Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters

The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/20 12:0 a.m.6 views

MONITORAPP Application Insight Web Application Firewall 安全漏洞

MONITORAPP Application Insight Web Application Firewall MONITORAPP AIWAF is a WEB FIREWALL from MONITORAPP USA. A security vulnerability exists in MONITORAPP Application Insight Web Application Firewall. An attacker can exploit this vulnerability to inject malicious scripts...

6.1CVSS6.7AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/17 12:0 a.m.2 views

WordPress plugin Stop Registration Spam 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.1CVSS8.2AI score0.00223EPSS
Exploits0References3
CNVD
CNVD
added 2024/12/13 12:0 a.m.10 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-02097)

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. A security vulnerability exists in Adobe Connect version 12.6 and earlier and version 11.4.7 and earlier, which can be exploited by an attacker to inject malicious script into vulnerable form...

9.3CVSS6.7AI score0.00813EPSS
Exploits0References1
CNVD
CNVD
added 2024/12/13 12:0 a.m.3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-11390)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.5AI score0.00683EPSS
Exploits0References1
Rows per page
Query Builder