Lucene search
K

696 matches found

RedhatCVE
RedhatCVE
added 2026/05/24 2:12 a.m.14 views

CVE-2023-54349

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...

6.1CVSS5.9AI score0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.14 views

PT-2026-41435

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/15 9:45 p.m.9 views

CVE-2026-44549 Open WebUI: Stored XSS in excel file preview

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheettohtml to embed an XSS payload into the generated...

7.3CVSS5.8AI score0.00318EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.12 views

Duplicate Advisory: phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and...

8.2CVSS5.2AI score0.00249EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2026/05/15 6:36 p.m.10 views

EUVD-2026-30596

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:50 a.m.8 views

BIT-NGINX-GATEWAY-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 8:50 a.m.8 views

BIT-NGINX-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the raw filter for rendering in result.question and result.answerPreview within...

8.2CVSS5.9AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-30006

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References2
OSV
OSV
added 2026/05/13 4:16 p.m.8 views

ALPINE-CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.5AI score0.00339EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.11 views

CVE-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40677

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions prior to 1.30.0 Description When configured to proxy HTTP/2 traffic by setting proxy http version to 2 and utilizing proxy set body, an attacker may inject frame headers and payload bytes to the upstream peer...

6.3CVSS5.4AI score0.00339EPSS
Exploits1References30
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40800

Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A stored cross-site scripting issue exists in the System Configuration page. The template renders push config key names using the Vue.js v-html directive without proper escaping. Authenticated...

5.4CVSS5.6AI score0.00183EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

HTTP::Tiny 注入漏洞

HTTP::Tiny is a small, simple, and correct HTTP/1.1 client developed by Perldoc. Versions prior to HTTP::Tiny 0.093 had an injection vulnerability due to unvalidated CRLF characters. This vulnerability could allow attackers to inject additional headers and request payloads...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.49 views

CVE-2025-61312

A reflected cross-site scripted XSS vulnerability in the acc-menupricess.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

0.00292EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.14 views

PT-2026-39474

WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dady input text or dady2 input text fields...

6.4CVSS6AI score0.00217EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36766

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.3AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.27 views

CVE-2018-25313 SysGauge 4.5.18 Local Denial of Service via Proxy Configuration

SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...

6.9CVSS0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/29 7:24 p.m.5 views

CVE-2018-25299 Prime95 29.4b8 Local Buffer Overflow via SEH

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling SEH mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
NVD
NVD
added 2026/04/29 4:16 p.m.5 views

CVE-2025-56535

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

6.1CVSS0.00185EPSS
Exploits2References2
Rows per page
Query Builder