Lucene search
K

232 matches found

RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.6 views

CVE-2023-53882

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...

5.1CVSS6AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 9:15 p.m.9 views

CVE-2023-53882

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...

5.1CVSS0.00327EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.22 views

CVE-2023-53882 JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...

5.1CVSS0.00327EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.4 views

JLex GuestBook 跨站脚本漏洞

JLex GuestBook is a visitor message board component of JLexArt open source. A cross-site scripting vulnerability exists in JLex GuestBook version 1.6.4, which stems from the presence of reflective cross-site scripting in the q URL parameter, which could lead to the injection of malicious script...

5.1CVSS6.4AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.8 views

PT-2025-51300

Name of the Vulnerable Software and Affected Versions JLex GuestBook version 1.6.4 Description The software contains a reflected cross-site scripting issue in the q URL parameter. This allows attackers to inject malicious scripts. Attackers can create malicious links with XSS payloads to...

5.1CVSS6.2AI score0.00327EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/09 6:29 p.m.5 views

CVE-2025-40700

Reflected Cross-Site Scripting XSS in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such a...

5.1CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 1:8 p.m.12 views

CVE-2025-40700 Reflected Cross-Site Scripting (XSS) in Governalia by IDI Eikon

Reflected Cross-Site Scripting XSS in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such a...

5.1CVSS0.00161EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/13 6:0 p.m.11 views

CVE-2025-20379

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS6.8AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/12 5:23 p.m.2 views

CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS6.5AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/12 5:23 p.m.12 views

CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/10 5:11 p.m.6 views

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

6.1CVSS6.3AI score0.00208EPSS
Exploits1References1
OSV
OSV
added 2025/11/07 9:15 p.m.6 views

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

6.1CVSS5.8AI score0.00208EPSS
Exploits1References1
NVD
NVD
added 2025/11/07 9:15 p.m.19 views

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

6.1CVSS0.00208EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.5 views

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

5.8AI score0.00208EPSS
Exploits1References1
CVE
CVE
added 2025/11/07 12:0 a.m.16 views

CVE-2025-63543

CVE-2025-63543 affects TechStore 1.0 with an unvalidated q parameter in the /search_results endpoint, enabling Cross-Site Scripting (XSS). Public sources across Red Hat, NVD, CNNVD, EUVD, CVE/CVEList, and Vuln enrichment consistently describe a reflected/stored-like XSS concern tied to the search...

6.1CVSS5.8AI score0.00208EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/11/07 12:0 a.m.11 views

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

0.00208EPSS
Exploits1References1
NVD
NVD
added 2025/10/27 11:15 a.m.7 views

CVE-2025-12267

A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used...

5.3CVSS0.00316EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-43934

Name of the Vulnerable Software and Affected Versions abhicodebox ModernShop version 20250922 Description A flaw exists in the processing of the /search file within abhicodebox ModernShop. Manipulation of the q argument can lead to cross site scripting, potentially allowing for remote attacks. Th...

5.3CVSS5.9AI score0.00316EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-14965

Malware in sbrugna...

5.3CVSS5.5AI score0.01444EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/06 6:31 p.m.2 views

EUVD-2025-32551

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS6.6AI score0.01272EPSS
Exploits0References3
Rows per page
Query Builder