Lucene search

16 matches found

EUVD
added 2026/06/20 6:27 p.m., 8 views

EUVD-2026-38134

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

CVSS: 6.1, AI score: 5.7, EPSS: 0.00167
Exploits: 0, References: 2

NVD
added 2026/05/26 5:16 p.m., 11 views

CVE-2026-30894

Lack of output escaping leads to a XSS vector in the content history component...

CVSS: 6.9, EPSS: 0.00175
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/26 4:43 p.m., 10 views

CVE-2026-30895

Lack of output escaping leads to a XSS vector in the readmore links for com_content...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00175
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/05/26 12:0 a.m., 10 views

Joomla! CMS Cross-Site Scripting Vulnerability

Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site scripting vulnerability, which stems from the lack of output escaping. This vulnerability may lead to cross-site scripting attacks within the content history component of the...

CVSS: 6.9, AI score: 5.6, EPSS: 0.00175
Exploits: 0, References: 1

OSV
added 2026/05/07 9:2 p.m., 4 views

GHSA-CWFQ-RFCR-8HMP Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs

Zebra Transparent SIGHASH_SINGLE Corresponding-Output Handling Diverges From zcashd. Summary: For V5+ transparent spends, Zebra and zcashd disagree on the same consensus rule: SIGHASH_SINGLE must fail when the input index has no corresponding output. zcashd treats this as consensus-invalid under...

CVSS: 9.2, AI score: 5.9
Exploits: 0, References: 3

Positive Technologies
added 2026/02/18 12:0 a.m., 5 views

PT-2026-20393

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00204
Exploits: 0, References: 2

Vulnrichment
added 2026/01/06 4:1 p.m., 6 views

CVE-2025-63083 Joomla! Core - [20260102] - XSS vector in the pagebreak plugin

Lack of output escaping leads to a XSS vector in the pagebreak plugin...

CVSS: 8.4, AI score: 5.9, EPSS: 0.00175
Exploits: 0, References: 1

Positive Technologies
added 2026/01/06 12:0 a.m., 3 views

PT-2026-1463

Name of the Vulnerable Software and Affected Versions: pagebreak plugin (affected versions not specified). Description: A flaw exists due to missing output escaping, resulting in a cross-site scripting (XSS) vector in the pagebreak plugin. This could allow for the injection of malicious scripts into web...

CVSS: 8.4, AI score: 5.9, EPSS: 0.00175
Exploits: 0, References: 4

OSV
added 2025/11/28 12:15 a.m., 3 views

CVE-2025-66359

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability...

CVSS: 6.1, AI score: 5.6, EPSS: 0.0016
Exploits: 0, References: 1

RedhatCVE
added 2025/11/07 1:46 p.m., 5 views

CVE-2025-5770

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

CVSS: 6.1, AI score: 6, EPSS: 0.0018
Exploits: 0, References: 1

EUVD
added 2025/11/05 7:2 p.m., 11 views

EUVD-2025-37921

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

CVSS: 6.1, AI score: 5.6, EPSS: 0.0018
Exploits: 0, References: 3

OSV
added 2024/05/24 3:15 p.m., 1 views

DEBIAN-CVE-2021-47522

In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output reports and so reportfield is null...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00239
Exploits: 0, References: 1

Cvelist
added 2021/11/02 10:6 a.m., 20 views

CVE-2021-33611 Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00955
Exploits: 1, References: 2

Cvelist
added 2021/04/23 4:5 p.m., 50 views

CVE-2019-25027 Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00668
Exploits: 0, References: 2

Cvelist
added 2020/03/16 3:24 p.m., 28 views

CVE-2019-19942

Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 ADB before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests...

AI score: 7.5, EPSS: 0.01629
Exploits: 1, References: 2

Atlassian
added 2007/10/12 10:49 p.m., 21 views

Security Issue: XSS in wiki exception error page

The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...

AI score: 6
Exploits: 0