Lucene search
K

6262 matches found

Nuclei
Nuclei
added 8 hours ago54 views

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

6.1CVSS6.6AI score0.05173EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago22 views

Dash Framework - Cross-site Scripting

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting XSS via href attribute in anchor tags. This template tests for javascript:alert payload injection. id: CVE-2024-21485 info: name: Dash Framework - Cross-site Scripting author: Lee Changhyuneeche severity: medium...

6.5CVSS6.5AI score0.01475EPSS
Exploits1References1
NVD
NVD
added yesterday3 views

CVE-2026-57396

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57402

CVE-2026-57402 concerns the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions

6.5CVSS6.1AI score0.00224EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday217 views

Gitea 1.22.0 - Cross-Site Scripting

Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. id: CVE-2024-6886 info: name: Gitea 1.22.0 - Cross-Site Scripting...

10CVSS7AI score0.40321EPSS
Exploits3References2
CVE
CVE
added 4 days ago10 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the Image Box widget’s sg_body_description parameter, affecting versions up to 3.2.6. The issue stems from insufficient input sanitization and...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
CVE
CVE
added 6 days ago10 views

CVE-2026-8315

The CVE-2026-8315 entry concerns a Stored XSS in Mediküm Web (Webbeyaz Web Design). Affected component: input handling during web page generation with improper neutralization of input as the root cause. Impact is Stored XSS (confidentiality/integrity impact low; availability none; user interactio...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-6742

The data shows CVE-2026-6742 affects the WordPress Advanced iFrame plugin: all versions up to 2026.1 are vulnerable to Stored Cross-Site Scripting via the Gutenberg Block 'additional' attribute due to insufficient input sanitization and output escaping. This allows authenticated users with contri...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 2:32 p.m.14 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 1:23 p.m.4 views

WordPress tagDiv Composer plugin <= 5.4.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin tagDiv Composer versions = 5.4.5...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:58 a.m.11 views

CVE-2026-4322

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55500

Name of the Vulnerable Software and Affected Versions JSON API User versions prior to 4.1.1 Description The JSON API User plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the post comment function fails to properly sanitize input, allowing the comment content...

6.4CVSS6.1AI score0.00228EPSS
Exploits0References10
CVE
CVE
added 2026/07/02 11:14 a.m.14 views

CVE-2025-69155

CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 5:35 a.m.17 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/01 2:58 p.m.35 views

CVE-2026-58030 SyntaxHighlight stored XSS via unsanitized 'linelinks' attribute

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

5.3CVSS0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:22 p.m.7 views

EUVD-2025-210382

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 10:0 a.m.19 views

CVE-2026-13557

The CVE-2026-13557 affects itsourcecode Online Hotel Management System 1.0. An attacker can manipulate the Name argument in the POST handler at /admin/mod_room/controller.php?action=add, triggering cross-site scripting. The vulnerability is exploitable remotely, and public exploit code appears to...

5.3CVSS4.2AI score0.00443EPSS
Exploits0References6
NVD
NVD
added 2026/06/27 6:16 a.m.8 views

CVE-2026-13245

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:27 a.m.9 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.9AI score0.00251EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53051

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References14
Rows per page
Query Builder