
80 matches found

Vulnrichment
added 2026/01/16 7:9 p.m. | 3 views

CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

CVSS 7.2 | AI score 7.1 | EPSS 0.00409
Exploits: 0 | References: 4
Cvelist
added 2026/01/16 7:9 p.m. | 23 views

CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

CVSS 7.2 | EPSS 0.00409
Exploits: 0 | References: 4
Snyk
added 2025/12/15 4:40 p.m. | 4 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the page editing. An attacker can execute arbitrary JavaScript in the context of other users by injecting malicio...

CVSS 5.4 | AI score 5.2 | EPSS 0.00136
Exploits: 1 | References: 2
Veracode
added 2025/12/13 6:52 a.m. | 6 views

Cross Site Scripting (XSS)

mediawiki/cargo is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient input sanitization during web page generation, which allows an attacker to inject and store malicious scripts that are executed in the context of other users when the affected content is viewed...

CVSS 6.9 | AI score 6.2 | EPSS 0.00409
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2025/11/04 4:27 a.m. | 7 views

CVE-2025-12415 MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the adminshortcodesubmit, adminconfigurationsubmit, and adminshortcodedelete functions. This makes it possible for...

CVSS 6.1 | EPSS 0.00127
Exploits: 0 | References: 4
NVD
added 2025/10/09 5:15 p.m. | 5 views

CVE-2025-59978

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's...

CVSS 9.4 | EPSS 0.00559
Exploits: 0 | References: 1
EUVD
added 2025/10/09 4:2 p.m. | 3 views

EUVD-2025-33389

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's...

CVSS 9.4 | AI score 6.4 | EPSS 0.00559
Exploits: 0 | References: 2
EUVD
added 2025/10/09 3:57 p.m. | 3 views

EUVD-2025-33392

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access...

CVSS 9.3 | AI score 5.9 | EPSS 0.00346
Exploits: 0 | References: 2
CVE
added 2025/10/07 11:13 p.m. | 14 views

CVE-2025-61996

CVE-2025-61996 affects OPEXUS FOIAXpress prior to 11.13.3.0. An administrative user can inject JavaScript or other content into the Annual Report Template, with injected content executed in other users’ sessions when they generate an Annual Report. This constitutes a stored XSS exposure that coul...

CVSS 4.8 | AI score 6.3 | EPSS 0.0022
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-27974

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00329
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-54519

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 5.4 | EPSS 0.00421
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-31715

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.4 | EPSS 0.00344
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18035

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.4 | EPSS 0.00282
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18021

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.4 | EPSS 0.00305
Exploits: 0 | References: 2
Cvelist
added 2025/09/22 12:0 a.m. | 7 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

EPSS 0.00221
Exploits: 1 | References: 1
Cvelist
added 2025/09/06 2:24 a.m. | 6 views

CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

CVSS 6.4 | EPSS 0.00216
Exploits: 0 | References: 3
RedhatCVE
added 2025/07/20 9:59 a.m. | 8 views

CVE-2025-49486

A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items...

CVSS 8.6 | AI score 5.9 | EPSS 0.00296
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/18 3:54 p.m. | 10 views

CVE-2025-53930

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarespecie.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inje...

CVSS 6.4 | AI score 5.6 | EPSS 0.0025
Exploits: 1 | References: 1
Veracode
added 2025/06/19 9:59 a.m. | 4 views

Cross-Site Scripting (XSS)

ibexa/fieldtype-richtext is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization and escaping in the back office components, allowing malicious scripts to be injected and stored...

AI score 6.4
Exploits: 0
RedhatCVE
added 2025/05/23 9:55 a.m. | 4 views

CVE-2024-28092

UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Ti...

CVSS 7.2 | AI score 6.3 | EPSS 0.00534
Exploits: 0 | References: 1