Lucene search
+L

136 matches found

Snyk
Snyk
added 2026/03/03 9:0 p.m.10 views

Template Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the craft.app.fs.write function in Twig templates. An attacker can execute arbitrary system commands and disclose sensitive information by injecting malicious payloads...

9.4CVSS5.9AI score0.01067EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/03 8:30 p.m.12 views

Template Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the create function. An attacker can execute arbitrary code on the server by supplying a crafted payload that instantiates dangerous classes, such as...

7.5CVSS6.2AI score0.00556EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.11 views

PT-2026-22997

Name of the Vulnerable Software and Affected Versions Craft CMS versions prior to 5.8.22 Craft CMS versions prior to 4.16.18 Description Craft is a content management system. A malicious payload can be crafted using the Twig map filter in text fields that accept Twig input within the Settings...

8.6CVSS6.6AI score0.00514EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/25 1:32 p.m.25 views

CVE-2026-3185 feiyuchuixue sz-boot-parent API Endpoint sys-message authorization

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...

6.9CVSS0.0044EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/02/25 1:32 p.m.5 views

CVE-2026-3185 feiyuchuixue sz-boot-parent API Endpoint sys-message authorization

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...

6.9CVSS5.1AI score0.0044EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 a.m.8 views

CVE-2025-67477

A flaw was found in MediaWiki. An Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, vulnerability exists in the ApiSandboxLayout.Js program file. This flaw could potentially allow an attacker with high privileges to inject malicious scripts into...

4.8CVSS5.4AI score0.00216EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/03 1:16 a.m.3 views

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Special:ApiSandbo...

6.1CVSS5.5AI score0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 1:4 a.m.1 views

CVE-2025-61655 Stored XSS through system messages in VisualEditor

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js,...

5.3AI score0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 1:4 a.m.29 views

CVE-2025-61655 Stored XSS through system messages in VisualEditor

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js,...

0.00144EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 1:4 a.m.27 views

CVE-2025-61655

CVE-2025-61655 is a stored XSS vulnerability in Wikimedia Foundation VisualEditor. Public details identify vulnerable components as includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, and modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js, affecting Visual...

6.1CVSS5.2AI score0.00144EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/02/03 1:4 a.m.8 views

CVE-2025-61655

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js,...

6.1CVSS5.2AI score0.00144EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/03 12:19 a.m.4 views

CVE-2025-61648 Stored XSS through system messages in CheckUser

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue,...

5.3AI score0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 12:19 a.m.29 views

CVE-2025-61648 Stored XSS through system messages in CheckUser

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue,...

0.00144EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 12:19 a.m.15 views

CVE-2025-61648

CVE-2025-61648 is a Cross-Site Scripting (XSS) vulnerability in Wikimedia Foundation CheckUser. Affected components are the front-end scripts ShowIPButton.Vue and the back-end Admin/Block logic in SpecialBlock.Js. The issue arises from improper neutralization of input during web page generation. ...

6.1CVSS5.3AI score0.00144EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/02 11:54 p.m.36 views

CVE-2025-61637 Stored XSS through system messages in MW Core

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/02/02 11:54 p.m.22 views

CVE-2025-61637

CVE-2025-61637 is a MediaWiki XSS vulnerability caused by improper input neutralization during Web Page Generation in the Edit Preview and Page Preview scripts. Red Hat describes a remote attacker with high privileges who can inject malicious scripts, enabling information disclosure or session hi...

4.8CVSS5.2AI score0.00219EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/02/02 11:54 p.m.2 views

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper input...

6.1CVSS5.6AI score0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 11:54 p.m.1 views

CVE-2025-61637 Stored XSS through system messages in MW Core

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

5.3AI score0.00219EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/02/02 11:54 p.m.10 views

CVE-2025-61637

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

4.8CVSS5.2AI score0.00219EPSS
Exploits0
Snyk
Snyk
added 2026/02/02 11:42 p.m.4 views

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2
Rows per page
Query Builder