Lucene search
K

24 matches found

Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-22615

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description Chamilo, a learning management system, contains an input validation issue when importing user data from CSV files. Insufficient sanitization of the "Last Name", "First Name", and "Username" fields...

8.8CVSS6AI score0.00351EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.5 views

PT-2026-1723

Name of the Vulnerable Software and Affected Versions Client Testimonial Slider versions up to and including 2.0 Description The Client Testimonial Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the aft testimonial meta name custom field within the Client...

6.4CVSS5AI score0.00232EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/19 7:46 a.m.3 views

CVE-2025-13206 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5AI score0.00217EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/04 12:53 a.m.5 views

CVE-2025-50363

Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting XSS in /maid-hiring.php va the name field...

5.4CVSS6.2AI score0.00229EPSS
Exploits1References1
OSV
OSV
added 2025/11/03 5:15 p.m.7 views

CVE-2025-50363

Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting XSS in /maid-hiring.php va the name field...

5.4CVSS5.8AI score0.00229EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-17085

Malware in sbrugna...

5.4CVSS5.5AI score0.00667EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.8 views

PT-2025-40044

Cross-site scripting XSS vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary we...

4.8CVSS6AI score0.00207EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/09/27 1:46 a.m.2 views

CVE-2025-8440 Team Members <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS4.7AI score0.00222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:53 a.m.8 views

CVE-2023-33795

A stored cross-site scripting XSS vulnerability in the Create Contact Roles /tenancy/contact-roles/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.5AI score0.00394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.5 views

CVE-2019-17496

Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion...

6.1CVSS5.4AI score0.00831EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.5 views

PT-2024-29019 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-feeds/id/edit/" API endpoint. Recommendations:...

7.1CVSS5.9AI score0.00398EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.3 views

Sesami Cash Point & Transport Optimizer Security Vulnerability

Sesami Cash Point & Transport Optimizer is a solution from Sesami Corporation. A security vulnerability exists in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 that stems from the presence of a CSV injection vulnerability. The vulnerability allows remote attackers to obtain sensiti...

7.5CVSS6.8AI score0.00579EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.3 views

openCRX Security Vulnerabilities

openCRX is an open source Crm software. A security vulnerability exists in openCRX version 5.2.0, which stems from a cross-site scripting XSS vulnerability in the Name field...

5.4CVSS5.8AI score0.00397EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/25 12:0 a.m.5 views

SESAMI planfocus CPTO Cross-Site Scripting Vulnerability

SESAMI is an open framework for modern cash optimization. A cross-site scripting vulnerability exists in SESAMI planfocus CPTO version 6.3.8.6, which originates when inserting JavaScript into the Name field on the client side...

4.8CVSS6.1AI score0.0031EPSS
Exploits0References2
OSV
OSV
added 2023/05/24 8:15 p.m.13 views

CVE-2023-33798

A stored cross-site scripting XSS vulnerability in the Create Rack /dcim/rack/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.7AI score
Exploits0References1
OSV
OSV
added 2022/12/02 8:15 p.m.2 views

CVE-2022-44959

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.9AI score0.00415EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/16 12:0 a.m.4 views

webTareas 跨站脚本漏洞

webTareas is a web-based open source collaboration tool. The product supports project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas version 2.2p1, which originated from a cross-site scripting vulnerability found in the Name field...

5.4CVSS5.3AI score0.00446EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/05/26 5:15 p.m.2 views

CVE-2022-30494

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs...

5.4CVSS6.1AI score0.00596EPSS
Exploits1References2
Huntr
Huntr
added 2022/05/14 12:55 p.m.24 views

Html Injection lead to cross site scripting

Description Hi i Found a way to inject html in user's email. So in this case if a attacker set name of victim as html form it will be rendered by your system and then the render html will be sent to the victim Proof of Concept 1. Goto https://paraio.com/signup/ and in name field add this payload...

4.3CVSS0.00917EPSS
Exploits1
Huntr
Huntr
added 2022/04/30 2:15 p.m.5 views

Stored XSS in "campaigns"

Description The listmonk application is vulnerable to stored XSS in the "Name" input filed for "campaigns" for which when a user tried to delete the "campaigns" XSS gets triggered. Proof of Concept 1.Go to "Campaigns" - "All campaigns" - "New" 2.Put this payload: in the "Name" input field and fil...

0.2AI score
Exploits0
Rows per page
Query Builder