Lucene search
K

36802 matches found

CVE
CVE
added 2 hours ago4 views

CVE-2026-49867

DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...

6.3CVSS6.1AI score0.00032EPSS
Exploits0References3
CVE
CVE
added 4 hours ago11 views

CVE-2026-62378

RustFS Console is affected in versions 0.1.7–0.1.10. The vulnerability lies in the components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path, which can render HTML content uploaded as .pdf, enabling a stored XSS in the management console. This can l...

9CVSS6AI score
Exploits0References3
NVD
NVD
added 9 hours ago3 views

CVE-2026-56398

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago7 views

WPBot <= 8.4.9 - Cross-Site Scripting

WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...

7.2CVSS6.1AI score0.00524EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago83 views

Duplicate Page WordPress - Stored Cross-Site Scripting

Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...

4.8CVSS6.1AI score0.0087EPSS
Exploits2References3
Nuclei
Nuclei
added 17 hours ago137 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS6AI score0.00848EPSS
Exploits2References1
Nuclei
Nuclei
added 17 hours ago22 views

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

9.1CVSS6.2AI score0.01834EPSS
Exploits2References3
Nuclei
Nuclei
added 17 hours ago126 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS6.8AI score0.54872EPSS
Exploits5References3
Nuclei
Nuclei
added 17 hours ago81 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

5.4CVSS6.3AI score0.0142EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago64 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

5.7CVSS6.2AI score0.01877EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago21 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

6.1CVSS6.8AI score0.01582EPSS
Exploits2References2
Nuclei
Nuclei
added 17 hours ago54 views

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

6.1CVSS6.4AI score0.01595EPSS
Exploits2References2
NVD
NVD
added yesterday5 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

8.7CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday27 views

CVE-2026-47995 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

8.1CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-48263

CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored XSS vulnerability (CVE-2026-48355) that allows a low-privileged attacker to inject JavaScript into vulnerable form fields, with victim browsers executing the script when visiting the affected page. The CVSS v3.1 base score is 5.4 (Medium) with netw...

5.4CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-45072 Symfony: Stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler fileexcerpt Twig filter escapes PHP files through highlightstring but interpolates lines from non-PHP files directly into...

2CVSS0.00062EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday23 views

CVE-2026-54432

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting XSS. The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page...

4.7CVSS
Exploits0References1
CVE
CVE
added yesterday32 views

CVE-2026-54432

Roundcube Webmail affected: versions before 1.6.17 and 1.7.x before 1.7.2 are vulnerable to a Stored XSS flaw. Root cause: the attachment MIME type is not properly escaped on the attachment-validation warning page, enabling script execution within a victim’s session when an email is viewed. Affec...

4.7CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder