Lucene search
+L

232 matches found

NVD
NVD
added 2025/10/06 4:15 p.m.5 views

CVE-2025-61224

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS0.01272EPSS
Exploits0References2
OSV
OSV
added 2025/10/06 4:15 p.m.3 views

DEBIAN-CVE-2025-61224

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS5.9AI score0.01272EPSS
Exploits0References1
OSV
OSV
added 2025/10/06 4:15 p.m.5 views

CVE-2025-61224

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS6.2AI score0.01272EPSS
Exploits0References2
OSV
OSV
added 2025/10/06 4:15 p.m.4 views

UBUNTU-CVE-2025-61224

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS6.2AI score0.01272EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/06 12:0 a.m.2 views

CVE-2025-61224

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS6.8AI score0.01272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.2 views

PT-2025-40904

Name of the Vulnerable Software and Affected Versions DokuWiki version 2025-05-14a Description A Cross Site Scripting issue exists in DokuWiki. A remote attacker may be able to execute arbitrary code through the q parameter. The vulnerable component is 'Librarian' 56.1. Recommendations Update to ...

6.5CVSS5.8AI score0.01272EPSS
Exploits0References12
Cvelist
Cvelist
added 2025/10/06 12:0 a.m.8 views

CVE-2025-61224

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS0.01272EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.3 views

DokuWiki 安全漏洞

DokuWiki is an easy-to-use and versatile open source Wiki software from DokuWiki Open Source. A security vulnerability exists in DokuWiki version 2025-05-14a, which stems from an unvalidated q parameter that could lead to a cross-site scripting attack...

6.5CVSS5.8AI score0.01272EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/10/06 12:0 a.m.2 views

CVE-2025-61224

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...

6.5CVSS5.9AI score0.01272EPSS
Exploits0
CVE
CVE
added 2025/10/06 12:0 a.m.27 views

CVE-2025-61224

CVE-2025-61224 affects DokuWiki (Librarian component) with a reflected XSS in the q parameter in versions up to 2025-05-14a. The underlying issue is an unvalidated q parameter that allows a remote attacker to induce arbitrary code execution in the context of the victim’s browser or app, as descri...

6.5CVSS6.8AI score0.01272EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28878

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00306EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-22806

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00565EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.6 views

PT-2025-37357

Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3 Description: A flaw has been found in cdevroe unmark. This issue affects unknown code within the application/views/layouts/topbar/searchform.php file. Manipulation of the q parameter can lead to cross-site...

6.1CVSS4AI score0.00385EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/09/10 11:45 a.m.1 views

CVE-2025-40725 Reflected Cross-Site Scripting (XSS) in Azon Dominator

Reflected Cross-Site Scripting XSS vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...

5.1CVSS5.6AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/10 11:45 a.m.16 views

CVE-2025-40725 Reflected Cross-Site Scripting (XSS) in Azon Dominator

Reflected Cross-Site Scripting XSS vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...

5.1CVSS0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.7 views

PT-2025-37012

Name of the Vulnerable Software and Affected Versions: Azon Dominator affected versions not specified Description: A reflected Cross-Site Scripting XSS vulnerability exists in Azon Dominator. An attacker can execute JavaScript code in a victim’s browser by sending a malicious URL containing...

5.1CVSS5.6AI score0.00306EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/08 11:25 a.m.11 views

CVE-2025-40642 Reflected Cross-Site Scripting (XSS) in WebWork

Reflected Cross-Site Scripting XSS vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search...

5.1CVSS0.0048EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.6 views

Codester WebWork - PHP Search Engine Script 跨站脚本漏洞

Codester WebWork - PHP Search Engine Script is an open source search engine script from Codester. A cross-site scripting vulnerability exists in Codester WebWork - PHP Search Engine Script, which stems from the fact that incorrect manipulation of the parameters q and engine can lead to reflective...

5.1CVSS6AI score0.0048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.6 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.6CVSS6.6AI score0.00224EPSS
Exploits1References1
NVD
NVD
added 2025/08/30 1:15 p.m.5 views

CVE-2025-9689

A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/itemselect. The manipulation of the argument q results in sql injection. It is possible to launch the attack remotely. The exploit is now...

8.8CVSS0.00306EPSS
Exploits1References5
Rows per page
Query Builder