Lucene search
K

47 matches found

EUVD
EUVD
added 2026/06/12 7:6 p.m.11 views

EUVD-2026-35395

TYPO3 CMS has Cross-Site Scripting in Indexed Search...

5.1CVSS5.2AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 11:16 a.m.11 views

CVE-2026-47348

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

TYPO3 CMS 跨站脚本漏洞

TYPO3 CMS is a content management system developed under the open source TYPO3 framework. Versions of TYPO3 CMS from 13.0.0 to 13.4.30, and from 14.0.0 to 14.3.2 contain a cross-site scripting vulnerability. This vulnerability arises due to HTML tags in page titles being left uncleaned during...

5.1CVSS4.8AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 12:31 a.m.13 views

EUVD-2026-31358

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-5077

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

5.4CVSS6AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 10:16 a.m.6 views

CVE-2026-5077

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

5.4CVSS0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 9:36 p.m.10 views

EUVD-2026-22750

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:36 p.m.9 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/02/19 4:36 a.m.9 views

CVE-2025-13438

The CVE CVE-2025-13438 concerns the WordPress plugin Page Title, Description & Open Graph Updater. Affected versions: all up to and including 1.02. Root cause: missing nonce validation on multiple AJAX actions (e.g., dieno_update_page_title) leading to Cross-Site Request Forgery. Impact as stated...

4.3CVSS5.3AI score0.00173EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.7 views

CVE-2026-24045

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting XSS attacks...

7.3CVSS6AI score0.00224EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/10 4:56 p.m.2 views

CVE-2026-24045

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting XSS attacks...

7.3CVSS6AI score0.00224EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.8 views

PT-2026-2845

The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'short link post title' and 'short link page title' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5AI score0.002EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:48 a.m.6 views

CVE-2009-4526

The Send by e-mail sub-module in the Print aka Printer, e-mail and PDF versions module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form...

5CVSS7AI score0.01489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/22 7:21 a.m.5 views

CVE-2023-53953

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...

5.4CVSS6.2AI score0.00201EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/19 9:30 p.m.9 views

EUVD-2025-204598

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...

6.4CVSS5.8AI score0.00201EPSS
Exploits1References4
OSV
OSV
added 2025/12/19 9:15 p.m.3 views

CVE-2023-53953

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...

5.4CVSS5.8AI score0.00201EPSS
Exploits1References3
NVD
NVD
added 2025/12/19 9:15 p.m.3 views

CVE-2023-53953

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...

5.4CVSS0.00201EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/19 9:7 p.m.27 views

CVE-2023-53953 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via Page Creation

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...

5.4CVSS0.00201EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.2 views

PT-2025-52524

Name of the Vulnerable Software and Affected Versions WebsiteBaker version 2.13.3 Description An authenticated user can inject malicious scripts when creating web pages, leading to the execution of arbitrary JavaScript when a page is viewed by other users. The issue is due to a stored cross-site...

5.4CVSS6.3AI score0.00201EPSS
Exploits1References8
Veracode
Veracode
added 2025/12/13 6:9 a.m.7 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-controlled fields such as page titles or usernames displayed in the "Changes" dialog, which allows an attacker to inject malicious code that executes when another authenticated user...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder