Lucene search
K

1044 matches found

RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.12 views

CVE-2021-47907

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 3:31 p.m.10 views

EUVD-2021-34784

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/10 3:31 p.m.8 views

EUVD-2021-34781

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References4
NVD
NVD
added 2026/05/10 1:16 p.m.29 views

CVE-2021-47931

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS0.00213EPSS
Exploits0References3
NVD
NVD
added 2026/05/10 1:16 p.m.9 views

CVE-2021-47907

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

6.4CVSS0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.15 views

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.00213EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.16 views

CVE-2021-47907 Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.11 views

PT-2026-39498

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.17 views

PT-2026-39477

Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters when creating...

6.4CVSS5.7AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.11 views

PT-2026-39496

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 7:38 p.m.12 views

Grav: Stored XSS via page title (data[header][title]) in admin panel

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadertitle parameter. --- Details Vulnerable Endpoint: GET /admin/pages/page Parameter:...

6.2CVSS5.7AI score0.00256EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/20 6:31 p.m.5 views

EUVD-2026-23929

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/13 6:30 p.m.4 views

EUVD-2026-21982

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS4.2AI score0.00302EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/13 3:0 p.m.33 views

CVE-2026-6184 code-projects Simple Content Management System welcome.php cross site scripting

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS0.00302EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/10 1:24 a.m.28 views

CVE-2026-1263 Webling <= 3.9.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS0.00277EPSS
Exploits0References6
CVE
CVE
added 2026/04/10 1:24 a.m.17 views

CVE-2026-1263

CVE-2026-1263 affects the Webling WordPress plugin up to version 3.9.0. The vulnerability is a Stored Cross-Site Scripting in the title parameter via the functions webling_admin_save_form and webling_admin_save_memberlist . It enables authenticated users with Subscriber-level access and above to ...

6.4CVSS6.1AI score0.00277EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/09 6:10 p.m.4 views

Cross-site Scripting (XSS)

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Boxtitle and boxurl parameters. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input...

8.5CVSS5.8AI score0.00279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:0 a.m.3 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.3AI score0.00279EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/07 5:12 a.m.11 views

CVE-2026-31351

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

4.8CVSS6AI score0.00181EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 6:33 p.m.2 views

GHSA-CVJH-88C8-2JJX Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

4.8CVSS6AI score0.00181EPSS
Exploits1References3
Rows per page
Query Builder