Lucene search
K

211 matches found

OSV
OSV
added 2026/02/25 7:29 p.m.2 views

GHSA-8WPV-6X3F-3RM5 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the Web...

6.1CVSS6AI score0.00287EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.28 views

CVE-2025-60183 WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

5.9CVSS0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.6 views

CVE-2026-25596

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

4.8CVSS5.6AI score0.0021EPSS
Exploits2References1
NVD
NVD
added 2026/02/19 6:24 p.m.12 views

CVE-2026-23606

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...

5.4CVSS0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20897

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions before 22.4 are affected by a stored cross-site scripting issue. An authenticated user can inject HTML or JavaScript code into the...

5.4CVSS5.1AI score0.00173EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.4 views

CVE-2019-25369

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

6.4CVSS5.1AI score0.00199EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/14 6:42 a.m.31 views

CVE-2026-1903

CVE-2026-1903 concerns the WordPress plugin Ravelry Designs Widget (versions up to 1.0.0). The vulnerability is a stored XSS via the shortcode attribute sb_ravelry_designs layout. Exploitation requires authenticated access at contributor level or higher, and would cause arbitrary scripts to run w...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/09 7:25 p.m.23 views

CVE-2026-25491 Craft has a Stored XSS in Entry Types Name

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22...

4.8CVSS0.0031EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/05 8:25 a.m.31 views

CVE-2026-1319 Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field

The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output...

6.4CVSS0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.8 views

PT-2026-6081

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure affected versions not specified Description A flaw exists in the web-based management interface that could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack against users. Th...

4.8CVSS5.5AI score0.00175EPSS
Exploits0References6
CVE
CVE
added 2026/02/03 10:22 p.m.18 views

CVE-2026-1755

The CVE concerns the WordPress plugin Menu Icons by ThemeIsle (versions up to and including 0.13.20). It describes a Stored Cross-Site Scripting vulnerability via the _wp_attachment_image_alt post meta caused by insufficient input sanitization and output escaping. Exploitation requires authentica...

6.4CVSS5.6AI score0.00181EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/02 7:57 p.m.4 views

WordPress Brizy - Page Builder plugin <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Brizy - Page Builder plugin = 2.4.41 - AuthenticatedContributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Brizy versions = 2.4.41...

7.1CVSS5.2AI score0.00267EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 9:15 a.m.15 views

CVE-2025-14745

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

6.4CVSS5.8AI score0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.9 views

CVE-2025-68866

CVE-2025-68866 affects the WordPress plugin Dinatur (versions up to and including 1.18). The issue is an Stored XSS caused by improper neutralization of input during web page generation, exposing site visitors to injected scripts. The vulnerability is rated with a CVSSv3.1 base score of 7.1 (High...

7.1CVSS5.4AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/13 9:25 p.m.7 views

CVE-2025-68658 Open Source Point of Sale (opensourcepos) Stored XSS in Configuration (Information) – Company Name field

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration Information functionality. An authenticated user with the permission “Configuration...

4.3CVSS5.5AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.45 views

CVE-2025-14057 Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter

The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.003EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 9:20 a.m.21 views

CVE-2025-14113

The CVE CVE-2025-14113 affects Viitor Button Shortcodes for WordPress (plugin Viitor Button Shortcodes). It is a Stored Cross-Site Scripting (XSS) vulnerability via the link shortcode attribute that affects all versions up to and including 3.0.0, caused by insufficient input sanitization and outp...

6.4CVSS4.7AI score0.00187EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.5 views

CVE-2024-2470

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.3AI score0.00333EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1635

Name of the Vulnerable Software and Affected Versions My Album Gallery plugin for WordPress versions prior to 1.0.5 Description The My Album Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting through the style css shortcode attribute. Insufficient input sanitization and...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/31 1:24 p.m.4 views

CVE-2025-62140 WordPress Locatoraid Store Locator plugin <= 3.9.65 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65...

5.9CVSS5.6AI score0.00186EPSS
Exploits0References1
Rows per page
Query Builder