Lucene search
+L

276 matches found

CVE
CVE
added 2025/08/28 12:0 a.m.25 views

CVE-2025-51971

CVE-2025-51971 affects PuneethReddyHC Online Shopping System Advanced 1.0. A reflected XSS exists in register.php due to unsanitized input in the f_name parameter being reflected in the response, allowing remote JavaScript injection. Impact is reflected, client-side HTML encoding/output escaping ...

5.4CVSS5.5AI score0.0025EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2025/08/26 12:0 a.m.171 views

📄 Pharmacy Product Management System 1.0 Cross Site Scripting

Pharmacy Product Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Pharmacy Product Management System - Persistent XSS Date: 25.08.2025 Exploit Author: Ömer Ahmet Yılmaz Vendor Homepage:...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/21 8:36 p.m.18 views

CVE-2025-9167

A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The explo...

5.4CVSS6.5AI score0.00264EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.10 views

PT-2025-33865 · Unknown · Solidinvoice

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A vulnerability exists in SolidInvoice that allows for cross site scripting. The issue affects unknown code within the /invoice/recurring file of the Recurring Invoice Module. Manipulation of...

5.4CVSS6.7AI score0.00264EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-46292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is...

7.5CVSS6.2AI score0.00818EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/18 8:32 p.m.22 views

CVE-2025-9119 Netis WF2419 Wireless Settings index.htm cross site scripting

A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input causes cross site scripting. Remote exploitation of the attack is possible. The...

4.8CVSS0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/18 8:32 p.m.8 views

CVE-2025-9119 Netis WF2419 Wireless Settings index.htm cross site scripting

A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input causes cross site scripting. Remote exploitation of the attack is possible. The...

4.8CVSS6.7AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.4 views

i-Educar 代码注入漏洞

i-Educar is a free educational software from Portábilis Open Source. A code injection vulnerability exists in i-Educar version 2.10 and earlier, which originates from a cross-site scripting attack due to manipulation of the neighborhood name parameter in the file /intranet/educarinstituicaocad.ph...

4.8CVSS4.1AI score0.00318EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.4 views

Q2A Ultimate SEO 跨站脚本漏洞

Q2A Ultimate SEO is a component of the Q2A Projects team that provides search engine optimization functionality for Question2Answer. A cross-site scripting vulnerability exists in Q2A Ultimate SEO that stems from insufficient validation of the name parameter input in /products//edit, which could...

5.1CVSS5.8AI score0.0049EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.4 views

WordPress plugin WP Event Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS5.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/19 4:19 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3CVSS6.8AI score0.0035EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.11 views

CVE-2024-31064

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...

6.1CVSS7.4AI score0.00656EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.7 views

CVE-2023-30558

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

6.5CVSS8.2AI score0.00835EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.9 views

CVE-2021-25324

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

6.1CVSS5.8AI score0.00795EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 12:0 a.m.12 views

CVE-2025-30345

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...

3.5CVSS6.8AI score0.0026EPSS
Exploits1References3
OSV
OSV
added 2025/02/18 6:0 p.m.6 views

UBUNTU-CVE-2024-45782

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grubfsmount, the HFS filesystem driver performs a strcpy using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer,...

7.8CVSS6.2AI score0.002EPSS
Exploits0References2
OSV
OSV
added 2025/02/07 11:15 p.m.12 views

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack...

5.4CVSS3.8AI score0.00325EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/05 5:28 a.m.19 views

CVE-2024-1097

A stored cross-site scripting XSS vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...

7.6CVSS5.2AI score0.00318EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.7 views

PT-2025-3428 · Hortusfox · Hortusfox

Name of the Vulnerable Software and Affected Versions: HortusFox version 3.9 Description: The issue is related to a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript...

5.4CVSS6.4AI score0.00252EPSS
Exploits1References6
CNVD
CNVD
added 2024/12/30 12:0 a.m.1 views

Chat System update_user.php File Cross-Site Scripting Vulnerability

Chat System is a chat system. Chat System suffers from a cross-site scripting vulnerability that stems from a lack of sufficient validation and escaping of the name parameter input in the file /admin/updateuser.php. The vulnerability can be exploited to conduct a cross-site scripting attack by...

7.6CVSS6.2AI score0.00458EPSS
Exploits0References1
Rows per page
Query Builder