Lucene search
K

130 matches found

Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.8 views

PT-2025-38876

Name of the Vulnerable Software and Affected Versions NGG Smart Image Search versions through 3.4.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-43417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflect...

6.5CVSS4.9AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/31 3:2 p.m.10 views

CVE-2025-9734 O2OA Personal Profile stat cross site scripting

A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /xqueryassembledesigner/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross site scripting. T...

5.1CVSS0.00302EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2025/07/08 9:40 p.m.2 views

CVE-2025-49534

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.2 views

Wikimedia Mediawiki - WikiHiero Extension 安全漏洞

Wikimedia Mediawiki - WikiHiero Extension is a Wikimedia Foundation extension for displaying and editing ancient Egyptian hieroglyphics. A security vulnerability exists in Wikimedia Mediawiki - WikiHiero Extension versions prior to 1.43.2, which stems from improper input neutralization and could...

6.1CVSS5.9AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.5 views

WordPress plugin Email Address Security by WebEmailProtector 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

6.5CVSS5.6AI score0.00192EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 11:15 p.m.3 views

CVE-2025-46992

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.7AI score0.00305EPSS
Exploits0References1
OSV
OSV
added 2025/06/10 11:15 p.m.3 views

CVE-2025-46967

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:13 a.m.5 views

CVE-2024-4160

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.5 views

CVE-2023-0639

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file getset.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated...

6.1CVSS3.6AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.11 views

WordPress plugin Photo Gallery, Images, Slider in Rbs Image Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

4.8CVSS4.8AI score0.00266EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.4 views

WordPress plugin Pays – WooCommerce Payment Gateway 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Pays - A cross-site request forger...

7.1CVSS7.1AI score0.00127EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.8 views

RHEL 6 : spacewalk-java (RHSA-2014:1184)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1184 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of...

4.3CVSS5.3AI score0.01759EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.4 views

WordPress plugin Snow Storm 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.3 views

WordPress plugin AI Search Bar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.9AI score0.00294EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.4 views

WordPress plugin MicroPayments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.1CVSS8.1AI score0.00352EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/11 9:48 p.m.5 views

WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Insert Code versions = 2.4...

7.1CVSS8.2AI score0.00139EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/04 12:0 a.m.4 views

CVE-2025-26202

Cross-Site Scripting XSS vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings 2.4GHz & 5GHz bands in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

5.5AI score0.00647EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/12 10:36 p.m.5 views

CVE-2025-25189

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9CVSS6.1AI score0.00418EPSS
Exploits0References1
OSV
OSV
added 2025/02/11 4:15 p.m.4 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required...

6.1CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder