Lucene search
K

130 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.9 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

6.1CVSS5.4AI score0.00183EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.9 views

Moodle vulnerable to Cross-site Scripting

A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...

6.1CVSS5.8AI score0.00333EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.6 views

WordPress plugin Seriously Simple Podcasting 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 10:54 p.m.7 views

CVE-2026-25144 Talishar has a Stored XSS which can lead to data exfiltration & user impersonation

Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6...

5.3CVSS5.3AI score0.00251EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.140 views

📄 WP Flash Player 1.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...

5AI score
Exploits0
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Podcast Generator security vulnerabilities

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.2.9 of Podcast Generator has a security vulnerability, which stems from a storage-type XSS vulnerability in the function for creating new live projects. This vulnerability could allow for...

4.8CVSS6AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.7 views

PT-2026-4650

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

6.4CVSS5.1AI score0.00244EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/19 8:32 a.m.3 views

CVE-2026-1146

A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/apiregisterpatient.php. Such manipulation of the argument firstName/lastName leads to cross site scripting. The...

5.4CVSS3.6AI score0.00176EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:9 p.m.3 views

CVE-2021-47839

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...

7.2CVSS5.6AI score0.00423EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.4 views

PT-2026-3057

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...

7.2CVSS7.4AI score0.00366EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/29 8:32 p.m.5 views

CVE-2025-15204 SohuTV CacheCloud QuartzManageController.java doQuartzList cross site scripting

A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The...

4.8CVSS5.4AI score0.00207EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.5 views

PT-2025-53798

Name of the Vulnerable Software and Affected Versions Hiroaki Miyashita Custom Field Template versions through 2.7.5 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting issue. This allows for the...

6.5CVSS6.4AI score0.0017EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/25 8:18 p.m.23 views

CVE-2025-8769

Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server...

9.8CVSS8.1AI score0.00895EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.3 views

PT-2025-52318

Name of the Vulnerable Software and Affected Versions TinyWebGallery version 2.5 Description TinyWebGallery version 2.5 has a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through the folder name parameter. Attackers can modify album folder names with...

5.4CVSS6.1AI score0.00201EPSS
Exploits1References7
EUVD
EUVD
added 2025/12/16 9:31 a.m.3 views

EUVD-2025-203567

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gal Dubinski Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

6.5CVSS5.5AI score0.00156EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/16 6:56 a.m.18 views

CVE-2025-13355

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

WBCE CMS 安全漏洞

WBCE CMS is a PHP and MySQL based open source content management system CMS from WBCE CMS Open Source. A security vulnerability exists in WBCE CMS version 1.6.1, which stems from a cross-site scripting vulnerability that could allow an attacker to upload malicious HTML files and capture user...

7.1CVSS6AI score0.00226EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/15 2:35 p.m.4 views

CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users...

4.6CVSS6.3AI score0.00145EPSS
Exploits1References1
CVE
CVE
added 2025/12/10 6:0 a.m.23 views

CVE-2025-13072

The HandL UTM Grabber / Tracker WordPress plugin (versions prior to 2.8.1) is affected by CVE-2025-13072 due to improper sanitization/escaping of a parameter before it is reflected back on the page, enabling a Reflected XSS that could target high-privilege users such as admins. The issue is confi...

7.1CVSS5.7AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.11 views

CVE-2025-13896

The Social Feed Gallery Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the igp-wp shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder