Lucene search
K

41 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/30 8:54 a.m.7 views

CVE-2026-6954

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-33973

Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...

5.1CVSS5.9AI score0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:8 p.m.3 views

CVE-2026-35575

ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting Stored XSS vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator...

8CVSS5.9AI score0.00243EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 2:35 p.m.25 views

CVE-2026-5010 Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu

A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...

5.1CVSS0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 3:31 p.m.8 views

EUVD-2026-15417

A Reflected Cross Site Scripting XSS vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...

4.8CVSS5.8AI score0.0014EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.3 views

CVE-2025-40638

A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 11:16 a.m.5 views

CVE-2025-40986

Reflected Cross-Site Scripting XSS vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/'. This vulnerability can be exploited to steal confidential user data,...

5.1CVSS0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.5 views

CVE-2025-40697

Reflected Cross-Site Scripting XSS vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of...

5.1CVSS6.2AI score0.00404EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 12:15 p.m.7 views

CVE-2025-40644

Reflected Cross-Site Scripting XSS vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...

5.1CVSS0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:53 p.m.22 views

CVE-2023-53936 Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing...

5.1CVSS0.00205EPSS
Exploits1References3
NVD
NVD
added 2025/12/11 10:15 p.m.4 views

CVE-2024-58289

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...

5.4CVSS0.00214EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.4 views

PT-2025-50745

Name of the Vulnerable Software and Affected Versions Flatboard version 3.2 Description An authenticated administrator can inject malicious scripts in forum information fields, leading to a stored cross-site scripting issue. Attackers can insert JavaScript payloads that execute when other users...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47458

A reflected cross-site scripting XSS vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 01. The sle sSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be...

4.6CVSS5.9AI score0.00175EPSS
Exploits1References3
OSV
OSV
added 2025/11/10 9:15 a.m.3 views

CVE-2025-41107

Stored Cross Site Scripting XSS vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/onlineadmission', wich affects the parameters 'firstname', 'lastname', 'guardianname' and others. This vulnerability could allow a remote user to send ...

5.4CVSS5.9AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2025/11/10 9:9 a.m.17 views

CVE-2025-41107

The CVE-2025-41107 entry describes a Stored XSS in Smart School 7.0 caused by insufficient validation of user input in a POST to /online_admission, affecting fields such as firstname, lastname, guardian_name, etc. The issue could allow a remote attacker to craft input that is processed by an auth...

5.4CVSS5.3AI score0.00189EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/20 9:56 a.m.12 views

CVE-2025-8349 Cross-Site Scripting (XSS) stored in Tawk Live Chat

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

5.3CVSS0.00486EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/10/20 9:56 a.m.5 views

CVE-2025-8349

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

5.3CVSS6AI score0.00486EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/20 9:56 a.m.8 views

CVE-2025-8349 Cross-Site Scripting (XSS) stored in Tawk Live Chat

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

5.3CVSS5.9AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/13 5:29 a.m.25 views

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

6.1CVSS5.2AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/10/08 12:15 a.m.6 views

CVE-2025-61997

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...

4.8CVSS0.00225EPSS
Exploits0References3
Rows per page
Query Builder