Lucene search
K

318 matches found

NVD
NVD
added 2026/04/09 1:16 a.m.3 views

CVE-2026-5826

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...

5.3CVSS0.00357EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31475

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/dashboard/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in...

5.3CVSS4.4AI score0.00282EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/05 1:0 p.m.3 views

CVE-2026-5568 Akaunting Invoice/Billing cross site scripting

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

5.1CVSS4.1AI score0.00253EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 10:58 a.m.3 views

CVE-2026-5325

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

5.1CVSS4.7AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.12 views

PT-2026-30043

Name of the Vulnerable Software and Affected Versions Casdoor version 2.356.0 Description A security flaw exists in the dangerouslySetInnerHTML function of Casdoor 2.356.0. Manipulation of the formCss/formCssMobile/formSideHtml argument can lead to cross-site scripting XSS. This attack can be...

5.4CVSS5.5AI score0.00188EPSS
Exploits0References9
NVD
NVD
added 2026/03/27 8:16 p.m.3 views

CVE-2026-4973

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS0.00239EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 7:20 p.m.2 views

CVE-2026-4596 projectworlds Lawyer Management System lawyers.php cross site scripting

A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and...

5.1CVSS4.1AI score0.00189EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12243

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/15 7:2 p.m.36 views

CVE-2026-4186 UEditor JSONP Callback controller.php cross site scripting

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

5.1CVSS0.00244EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/24 2:2 a.m.5 views

CVE-2026-3054 Alinto SOGo cross site scripting

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

5.3CVSS3.8AI score0.00398EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/23 1:31 p.m.8 views

CVE-2026-2939

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /addstudent/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS3.3AI score0.0023EPSS
Exploits1References1
OSV
OSV
added 2026/02/22 8:15 a.m.4 views

CVE-2026-2933

A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/DadManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...

4.8CVSS3.9AI score0.00198EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.4 views

PT-2026-21420

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...

4.8CVSS3.3AI score0.00218EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.6 views

CVE-2026-2222

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...

4.8CVSS3.7AI score0.00205EPSS
Exploits2References1
OSV
OSV
added 2026/02/09 2:16 a.m.5 views

CVE-2026-2200

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS4AI score0.00223EPSS
Exploits1References4
OSV
OSV
added 2026/02/08 4:15 p.m.3 views

CVE-2026-2159

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...

6.1CVSS4.1AI score0.00352EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/28 3:16 a.m.16 views

CVE-2026-1444

A vulnerability has been found in iJason-Liu BooksManager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/bookscenter/addbookcheck.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. T...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/19 8:32 a.m.27 views

CVE-2026-1146 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_register_patient.php cross site scripting

A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/apiregisterpatient.php. Such manipulation of the argument firstName/lastName leads to cross site scripting. The...

5.1CVSS0.00176EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/19 3:2 a.m.4 views

CVE-2026-1135

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

6.1CVSS3.9AI score0.00318EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/01/08 10:2 p.m.29 views

CVE-2026-0730 PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting

A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...

4.8CVSS0.00238EPSS
Exploits1References5
Rows per page
Query Builder