Lucene search
K

515 matches found

CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean up user-controlled inputs in the system settings – company information section...

9CVSS5.6AI score0.00274EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 4:19 p.m.3 views

GHSA-66M2-V9V9-95C3 ci4-cms-erp/ci4ms: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via System Settings – Mail Settings Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Mail Settings Configuration Fields Description The application fails to properly sanitize user-controlled input withi...

9.1CVSS6AI score0.00358EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/30 4:19 p.m.7 views

ci4-cms-erp/ci4ms: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via System Settings – Mail Settings Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Mail Settings Configuration Fields Description The application fails to properly sanitize user-controlled input withi...

7.2CVSS6AI score0.00358EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/29 1:17 p.m.4 views

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS0.00663EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 2:16 a.m.5 views

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS0.0032EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/20 1:4 a.m.24 views

CVE-2026-32880 ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS0.0032EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:4 a.m.2 views

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 1:4 a.m.3 views

CVE-2026-32880 ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 1:4 a.m.2 views

CVE-2026-32880 ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References3
CVE
CVE
added 2026/03/20 1:4 a.m.12 views

CVE-2026-32880

ChurchCRM prior to 7.0.2 is vulnerable to Stored XSS via JSON handling in SystemSettings.php, where unsanitized JSON input for system settings can store a JavaScript payload that executes when an admin views settings. Root cause: unescaped JSON input in SystemSettings.php. Impact: cross-site scri...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26506

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.0.2 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of JSON inputs in the SystemSettings.php file, which could lead to cross-site scripting attacks...

6.4CVSS5.6AI score0.0032EPSS
Exploits1References1
NVD
NVD
added 2026/03/04 1:15 p.m.6 views

CVE-2026-21422

Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass...

6.7CVSS0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 12:57 p.m.4 views

CVE-2026-21422

Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass...

6.7CVSS5.1AI score0.00107EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/04 12:57 p.m.3 views

CVE-2026-21422

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechani...

3.4CVSS5.9AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:42 p.m.23 views

CVE-2026-0011

CVE-2026-0011 is described across multiple sources as a logic error in enableSystemPackageLPw() within Settings.java that can prevent location access from functioning, enabling local privilege elevation without requiring additional execution privileges and without user interaction. This vulnerabi...

8.4CVSS6.1AI score0.00112EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/28 8:25 p.m.6 views

MAL-2026-1091 Malicious code in myproject-bola (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
OSV
OSV
added 2026/02/28 8:22 p.m.7 views

MAL-2026-1090 Malicious code in isb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 93750cbddba7897fde1d31836971e11082ad2076012c7caf708980de45827840 Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.7 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS5.4AI score0.00364EPSS
Exploits0References1
Rows per page
Query Builder