Lucene search
K

95 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/27 11:58 p.m.5 views

CVE-2026-24838

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/27 11:58 p.m.27 views

CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 11:51 p.m.3 views

CVE-2026-24836

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/27 11:49 p.m.6 views

EUVD-2026-4862

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

7.6CVSS5.9AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 11:49 p.m.4 views

CVE-2026-24833

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

7.6CVSS5.9AI score0.00174EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.7 views

PT-2026-5043

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 9.13.10 DNN formerly DotNetNuke versions prior to 10.2.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, the module title...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-5040

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 9.13.10 DNN formerly DotNetNuke versions prior to 10.2.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, a module could be...

7.6CVSS5.3AI score0.00174EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

6.8CVSS6.4AI score0.00206EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/12/01 6:30 p.m.6 views

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=6.0.0), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=6.0.0) +53 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=7.0.0 <=7.0.3)

org.apache.struts:struts2-core MAVEN version =7.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.3 and more Source cves: CVE-2025-64775 Source advisory: OSV:GHSA-XX7V-HQXH-CJR9...

7.5CVSS7.3AI score0.01456EPSS
Exploits0
NVD
NVD
added 2025/11/17 12:15 p.m.7 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

6.8CVSS0.00206EPSS
Exploits0References1
CVE
CVE
added 2025/11/17 11:39 a.m.15 views

CVE-2025-40834

CVE-2025-40834 affects the Mendix RichText widget. All versions from 4.0.0 up to 4.6.0 are vulnerable because the widget does not properly neutralize user input, enabling cross-site scripting (XSS). The issue is rooted in insufficient input filtering/escaping within the RichText component. Impact...

6.8CVSS6.1AI score0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/17 11:39 a.m.5 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

6.8CVSS6.1AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/17 11:39 a.m.7 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

6.8CVSS0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/17 11:39 a.m.5 views

EUVD-2025-197785

A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

6.8CVSS6AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.6 views

Siemens Mendix RichText 跨站脚本漏洞

The Mendix Rich Text component is a powerful rich text editor. Create richly formatted text with HTML output. A cross-site scripting vulnerability exists in the Siemens Mendix RichText component, version V4.0.0 through versions prior to V4.6.1, which can be exploited to implant cross-site scripti...

6.8CVSS5.9AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.8 views

PT-2025-47141

Name of the Vulnerable Software and Affected Versions Mendix RichText versions 4.0.0 through 4.6.0 Description The Mendix RichText widget does not properly neutralize input, which could allow an attacker to execute cross-site scripting attacks. Recommendations Update to version 4.6.1 or later...

6.8CVSS6.2AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/17 6:5 p.m.6 views

EUVD-2025-34901

ibexa/fieldtype-richtext has an XSS vulnerability via acronym custom tag in Rich Text...

5.9AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29621

Malware in sbrugna...

8.9CVSS8.7AI score0.0083EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-29366

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29397

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
Rows per page
Query Builder