Lucene search
K

212 matches found

Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.5 views

PT-2025-21283 · Unknown · Phpgurukul Vehicle Record Management System

Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It affects the /edit-brand.php endpoint, specifically when the bid parameter, represented as brandId, is used...

6.1CVSS5.7AI score0.00241EPSS
Exploits1References4
CVE
CVE
added 2025/05/13 8:32 p.m.43 views

CVE-2025-30315

Summary: Adobe Connect versions ≤ 12.8 are vulnerable to a stored XSS in vulnerable form fields, allowing injected JavaScript to run in a victim’s browser when visiting the affected page. Impact (as stated): stored XSS with potential for script execution in the user context. Affected components: ...

6.1CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/05/07 9:31 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the collection, Wishlist, and album components. An attacker can escalate privileges by injecting malicious scripts. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...

6.1CVSS5.5AI score0.0024EPSS
Exploits1References2
Veracode
Veracode
added 2025/05/07 5:20 a.m.9 views

Cross-Site Scripting (XSS)

yeswiki/yeswiki is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to insufficient sanitization of user-supplied input in URLs, which allows attackers to inject malicious scripts that are reflected in the server’s response...

4.8CVSS6.1AI score0.00241EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.4 views

PT-2025-17888 · WordPress · Add Google +1 (Plus One) Social Share Button

Name of the Vulnerable Software and Affected Versions: Add Google +1 Plus one social share Button plugin for WordPress version 1.0.0 and earlier Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the google-plus-one-share-button page...

6.1CVSS6.7AI score0.00261EPSS
Exploits0References9
WPVulnDB
WPVulnDB
added 2025/04/24 12:0 a.m.10 views

1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated...

6.1CVSS6.3AI score0.00261EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/10 6:49 p.m.3 views

Cross-site Scripting (XSS)

Overview wikimedia/parsoid is a bidirectional parser between wikitext and HTML5. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper handling of Unicode normalization in the Action API. An attacker can manipulate script processing by injecting malicious...

6.1CVSS5.3AI score0.00334EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.6 views

PT-2025-14406 · Wbw · Product Table By Wbw

Name of the Vulnerable Software and Affected Versions: Product Table by WBW versions 2.1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

7.1CVSS7.5AI score0.00363EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/29 12:26 a.m.11 views

CVE-2025-28253

Cross-Site Scripting XSS vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $POST'sites', $POST'clients', and $POST'search' is passed into the MainWPUser::rendertable function. Despite using sanitizetextfield and...

6.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/22 1:25 p.m.13 views

CVE-2025-0183

A stored cross-site scripting XSS vulnerability exists in the Latex Proof-Reading Module of binary-husky/gptacademic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...

5.4CVSS5.6AI score0.00363EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.7 views

CVE-2024-10725

A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT...

5.4CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2025/03/20 10:15 a.m.10 views

CVE-2024-10721

A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits...

5.4CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-10720

A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This c...

6.1CVSS5.5AI score
Exploits0References2
CVE
CVE
added 2025/03/20 10:11 a.m.51 views

CVE-2024-10721

The CVE-2024-10721 entry describes a stored XSS in phpIPAM (version 1.5.2) on the circuits options page, exploitable via crafted input to execute scripts in other users’ contexts. The root cause is insufficient input filtering/escaping on the circuits options page, allowing injection of Web scrip...

5.4CVSS3.8AI score0.00315EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.11 views

CVE-2024-10721 Store XSS in phpipam/phpipam

A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits...

3.5CVSS3.8AI score0.00315EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:10 a.m.49 views

CVE-2024-10722

The CVE-2024-10722 entry concerns phpIPAM (phpipam/phpipam) version 1.5.2, with a stored XSS vulnerability in the Description field of custom fields under IP RELATED MANAGEMENT. The root cause is an input handling issue that allows injection of malicious scripts, leading to potential data theft, ...

5.4CVSS3.6AI score0.00315EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/03/20 10:10 a.m.54 views

CVE-2025-0192

CVE-2025-0192 describes a stored XSS in wandb/openui’s edit HTML functionality. The vulnerability allows injection of malicious scripts when modified HTML is shared with another user, potentially exposing prompt history and other sensitive data. Connected sources confirm the issue and its impact ...

5.4CVSS5.2AI score0.00279EPSS
Exploits0References1
NVD
NVD
added 2025/03/14 7:15 p.m.32 views

CVE-2025-29782

WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionartipodocsatendido.php endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the tipo...

6.4CVSS0.00253EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/12 4:43 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the rendering of web pages. An attacker can inject malicious scripts by submitting crafted input that is improperly sanitized before being included in the output HTML. Detai...

6.1CVSS5.3AI score0.00512EPSS
Exploits0References2
OSV
OSV
added 2025/03/10 7:28 p.m.16 views

GHSA-6HRW-X7PR-4MP8 LF Edge eKuiper allows Stored XSS in Rules Functionality

Summary Stored Cross-Site Scripting XSS vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...

5.4CVSS4.9AI score0.00313EPSS
Exploits0References11
Rows per page
Query Builder