Lucene search

744 matches found

Positive Technologies
added 2026/01/26 12:0 a.m. | 4 views

PT-2026-4798

Name of the Vulnerable Software and Affected Versions Hiawatha version 11.7 Description A double free issue exists in the XSLT show index function of the Hiawatha webserver. This allows an unauthenticated attacker to corrupt data, potentially leading to arbitrary code execution. The issue involve...

CVSS 6.5 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 4

Fedora
added 2026/01/22 1:15 a.m. | 5 views

[SECURITY] Fedora 42 Update: mingw-libxslt-1.1.43-4.fc42

This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 = 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine...

CVSS 5.5 | AI score 6.4 | EPSS 0.00258
Exploits: 0

Veracode
added 2026/01/20 12:37 p.m. | 7 views

Cross-site Scripting (XSS)

october/system is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in backend configuration stylesheet fields, which allows an attacker with backend customization privileges to inject malicious HTML or JavaScript and execute arbitrary scripts across...

CVSS 6.1 | AI score 5.8 | EPSS 0.00183
Exploits: 0 | References: 2 | Affected Software: 2

ATTACKERKB
added 2026/01/20 8:2 a.m. | 2 views

CVE-2025-41768

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

CVSS 5.5 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : firefox-91.11.0-2.0.1.el7.AXS7 (AXSA:2022-3440:15)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3440:15 advisory. Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI CVE-2022-34468 Mozilla: Use-after-free in nsSHistor...

CVSS 9.8 | AI score 8.5 | EPSS 0.23941
Exploits: 1 | References: 9

Snyk
added 2026/01/19 7:47 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the inlineRemoteCSS function during the HTML email analysis process. An attacker can cause the server to make arbitrary HTTP requests to external resources by supplying crafted HTML emails containing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00396
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : libxslt-1.1.17-4.3.0.1.AXS3 (AXSA:2012-927:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-927:01 advisory. This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To...

CVSS 6.8 | AI score 8.9 | EPSS 0.02455
Exploits: 1 | References: 6

NVD
added 2026/01/10 4:16 a.m. | 4 views

CVE-2025-61676

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...

CVSS 6.1 | EPSS 0.00183
Exploits: 0 | References: 1

CVE
added 2026/01/10 3:14 a.m. | 10 views

CVE-2025-61674

CVE-2025-61674 concerns October CMS. An XSS vulnerability exists in backend configuration forms where a user with Global Editor Settings can inject HTML/JS into the Markup Styles stylesheet input. A crafted input can escape the context, enabling arbitrary script execution on backend pages for al...

CVSS 6.1 | AI score 5.5 | EPSS 0.00183
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/01/10 3:14 a.m. | 4 views

CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...

CVSS 6.1 | AI score 5.4 | EPSS 0.00183
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/10 12:0 a.m. | 5 views

PT-2026-1832

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.13 October versions prior to 4.0.12 Description October is a Content Management System CMS and web platform. A cross-site scripting XSS issue exists in October CMS backend configuration forms. A user possessing th...

CVSS 6.1 | AI score 5.8 | EPSS 0.00183
Exploits: 0 | References: 4

Snyk
added 2026/01/09 8:12 p.m. | 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend branding and appearance configuration. An attacker can execute arbitrary scripts in the context of backend users by injecting malicious HTML or JavaScript. This is only...

CVSS 8.4 | AI score 5.4 | EPSS 0.00183
Exploits: 0 | References: 2

Snyk
added 2026/01/09 8:12 p.m. | 2 views

Cross-site Scripting (XSS)

Overview october/system is a System module for October CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend branding and appearance configuration. An attacker can execute arbitrary scripts in the context of backend users by...

CVSS 8.4 | AI score 5.4 | EPSS 0.00183
Exploits: 0 | References: 2

Github Security Blog
added 2026/01/09 6:12 p.m. | 9 views

October CMS Vulnerable to Stored XSS via Editor and Branding Styles

A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Editor Settings Markup Styles A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Settings → Editor Settings → Markup Styles. A special...

CVSS 6.1 | AI score 6.2 | EPSS 0.00183
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2026/01/09 6:12 p.m. | 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend configuration forms. An attacker can execute arbitrary scripts in the context of other users by injecting malicious HTML or JavaScript through the editor settings. This ca...

CVSS 8.4 | AI score 5.5 | EPSS 0.00183
Exploits: 0 | References: 2

Snyk
added 2026/01/09 6:12 p.m. | 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend configuration forms. An attacker can execute arbitrary scripts in the context of other users by injecting malicious HTML or JavaScript through the editor settings. This ca...

CVSS 8.4 | AI score 5.5 | EPSS 0.00183
Exploits: 0 | References: 2

GithubExploit
added 2026/01/04 8:47 p.m. | 167 views

XLST-XML-PAYLOAD-GENERATOR

XLST-XML-PAYLOAD-GENERATOR This project is a...

AI score 8.6
Exploits: 0

RedhatCVE
added 2025/12/18 9:34 p.m. | 8 views

CVE-2025-55254

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow to execute malicious code in certain web pages...

CVSS 4.8 | AI score 7.3 | EPSS 0.00166
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/18 12:0 a.m. | 6 views

Mozilla Firefox < 2.0.0.12

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory. - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href...

CVSS 4.3 | AI score 8.3 | EPSS 0.02037
Exploits: 1 | References: 3

Tenable Nessus
added 2025/12/18 12:0 a.m. | 10 views

Mozilla Firefox < 2.0.0.12

The version of Firefox installed on the remote Windows host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory. - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of...

CVSS 4.3 | AI score 8.4 | EPSS 0.02037
Exploits: 1 | References: 3