1275 matches found

CNNVD
added 2026/01/08 12:0 a.m. | 3 views

salvo Cross-Site Scripting Vulnerability

salvo is an open-source web framework from Salvo. A cross-site scripting vulnerability exists in salvo versions prior to 0.88.1; it stems from the listhtml function not properly cleaning up the path, which could lead to reflected cross-site scripting attacks...

CVSS 8.8 | AI score 5.8 | EPSS 0.003
Exploits: 1 | References: 3

CNNVD
added 2026/01/07 12:0 a.m. | 4 views

Tarkov Data Manager Cross-Site Scripting Vulnerability

Tarkov Data Manager is an open-source database management tool from The Hideout. A cross-site scripting vulnerability exists in versions of Tarkov Data Manager prior to 02/01/2025, which stems from the presence of reflected cross-site scripting in the toast notification system that could lead to ...

CVSS 9.3 | AI score 5.9 | EPSS 0.00202
Exploits: 1 | References: 1

CNNVD
added 2026/01/07 12:0 a.m. | 5 views

WordPress plugin Stumble! for WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A cross-site scriptin...

CVSS 6.1 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 4

CNNVD
added 2025/12/30 12:0 a.m. | 3 views

NetVision Information ISOinsight Cross-Site Scripting Vulnerability

NetVision Information ISOinsight is an operations and maintenance management platform from China-based NetVision Information. NetVision Information ISOinsight suffers from a cross-site scripting vulnerability that stems from the presence of reflected cross-site scripting, which could allow an...

CVSS 6.1 | AI score 6.5 | EPSS 0.00205
Exploits: 0 | References: 2

CNNVD
added 2025/12/23 12:0 a.m. | 4 views

TechStore Security Vulnerability

TechStore is a subscription software platform from TechStore Inc. in the United Arab Emirates. A security vulnerability exists in TechStore version 1.0, which stems from the id parameter not being encoded or cleaned up and could lead to a reflected cross-site scripting attack...

CVSS 6.1 | AI score 6 | EPSS 0.00178
Exploits: 0 | References: 2

CNNVD
added 2025/12/18 12:0 a.m. | 3 views

Kentico Xperience Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...

CVSS 5.4 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 2

CNNVD
added 2025/12/18 12:0 a.m. | 3 views

Kentico Xperience Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVSS 5.4 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 2

CNNVD
added 2025/12/18 12:0 a.m. | 4 views

Kentico Xperience Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...

CVSS 6.1 | AI score 5.9 | EPSS 0.00183
Exploits: 0 | References: 2

CNNVD
added 2025/12/15 12:0 a.m. | 3 views

Jorani Cross-Site Scripting Vulnerability

Jorani is a leave management system by Benjamin BALET, an individual developer in France. It is intended to provide a simple workflow for leave and overtime requests for small organizations. A cross-site scripting vulnerability exists in Jorani version 1.0.3, which stems from the presence of...

CVSS 5.1 | AI score 6.4 | EPSS 0.003
Exploits: 0 | References: 4

CNNVD
added 2025/12/15 12:0 a.m. | 4 views

Inventory Management System Security Vulnerability

Inventory Management System is an inventory management system from stemword, an individual developer. A security vulnerability exists in Inventory Management System version 1, which originates from reflected cross-site scripting in the /index.php/cuzh4 component that could lead to the execution of...

CVSS 6.1 | AI score 6 | EPSS 0.00185
Exploits: 1 | References: 3

CNNVD
added 2025/12/13 12:0 a.m. | 4 views

WordPress plugin Social Media Auto Publish Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site scripting vulnerabili...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 3

CNNVD
added 2025/12/13 12:0 a.m. | 3 views

WordPress plugin WP to LinkedIn Auto Publish Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...

CVSS 6.1 | AI score 5.9 | EPSS 0.00204
Exploits: 0 | References: 4

CNNVD
added 2025/12/10 12:0 a.m. | 5 views

WordPress plugin HandL UTM Grabber / Tracker Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...

CVSS 7.1 | AI score 5.9 | EPSS 0.00145
Exploits: 0 | References: 2

CNNVD
added 2025/12/10 12:0 a.m. | 4 views

XWiki Platform Security Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from vulnerability to reflected cross-site scripting attacks...

CVSS 6.5 | AI score 5.9 | EPSS 0.00463
Exploits: 1 | References: 4

OSV
added 2025/12/09 6:15 p.m. | 4 views

CVE-2025-34409

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

CVSS 6.1 | AI score 6 | EPSS 0.00402
Exploits: 0 | References: 3

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

MailEnable Cross-Site Scripting Vulnerability

MailEnable is commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

CVSS 6.1 | AI score 6 | EPSS 0.00324
Exploits: 0 | References: 3

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

MailEnable Cross-Site Scripting Vulnerability

MailEnable is commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

CVSS 6.1 | AI score 6 | EPSS 0.00324
Exploits: 0 | References: 4

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

TalentSoft UNIS Cross-Site Scripting Vulnerability

TalentSoft UNIS is a talent management system from TalentSoft Turkey. A cross-site scripting vulnerability exists in TalentSoft UNIS versions prior to 42957, which stems from improper input neutralization and could lead to reflected cross-site scripting...

CVSS 5.4 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 1

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

MailEnable Cross-Site Scripting Vulnerability

MailEnable is commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

CVSS 6.1 | AI score 6 | EPSS 0.00324
Exploits: 0 | References: 4

CNNVD
added 2025/12/09 12:0 a.m. | 5 views

NiceGUI Cross-Site Scripting Vulnerability

NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A cross-site scripting vulnerability exists in NiceGUI 3.3.1 and earlier versions, which stems from insufficient cleanup and escaping in the ui.addcss, ui.addscss, and ui.addsass functions, and could lead to a reflectiv...

CVSS 6.1 | AI score 5.8 | EPSS 0.00224
Exploits: 1 | References: 3