Lucene search
K

284 matches found

NVD
NVD
added 2024/02/22 2:15 p.m.12 views

CVE-2024-25875

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

6.1CVSS5.5AI score0.00424EPSS
Exploits1References2
Prion
Prion
added 2024/02/22 2:15 p.m.13 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

6.1AI score0.00424EPSS
Exploits1References2
Veracode
Veracode
added 2024/02/22 9:26 a.m.19 views

Cross Site Scripting

Liferay Portal is vulnerable to Cross Site Scripting. The vulnerability is present in the Users Admin module's edit user page. The vulnerability is due to insufficient sanitization of user input in the "Name" text field, allowing remote authenticated users to inject arbitrary web script or HTML v...

9CVSS6.1AI score0.00619EPSS
Exploits0References2Affected Software4
NVD
NVD
added 2024/02/22 6:15 a.m.19 views

CVE-2024-26491

A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...

6.1CVSS5.6AI score0.00436EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.19 views

CVE-2024-25873

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

8AI score0.00482EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.22 views

CVE-2024-25875

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

5.7AI score0.00424EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/22 12:0 a.m.20 views

CVE-2024-25873

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

8.2AI score0.00482EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/22 12:0 a.m.12 views

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.2AI score0.00397EPSS
Exploits1References2
CVE
CVE
added 2024/02/22 12:0 a.m.4045 views

CVE-2024-25873

Enhavo v0.13.1 contains an HTML injection vulnerability in the Blockquote module’s Author text field that can execute arbitrary code via a crafted payload. Public sources identify the affected component (Author field in Blockquote) and the impact (arbitrary code execution). No explicit patches ar...

5.4CVSS8.1AI score0.00482EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.20 views

CVE-2024-26491

A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...

5.7AI score0.00436EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.36 views

CVE-2024-25876

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

5.7AI score0.00443EPSS
Exploits1References2
OSV
OSV
added 2024/02/22 12:0 a.m.7 views

CVE-2024-25876

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

6.1CVSS5.9AI score0.00443EPSS
Exploits1References4
OSV
OSV
added 2024/02/22 12:0 a.m.13 views

CVE-2024-25875

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

6.1CVSS5.9AI score0.00424EPSS
Exploits1References4
OSV
OSV
added 2024/02/05 10:15 p.m.4 views

CVE-2023-6701

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

5.4CVSS5.9AI score0.00523EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 3:18 p.m.22 views

BIT-LIFERAY-2023-33944

Cross-site scripting XSS vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...

6.1CVSS5.4AI score0.00533EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 3:16 p.m.16 views

BIT-LIFERAY-2023-42629

Stored cross-site scripting XSS vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field...

9CVSS5.4AI score0.02239EPSS
Exploits1References2
NVD
NVD
added 2023/10/17 12:15 p.m.15 views

CVE-2023-42628

Stored cross-site scripting XSS vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject...

9CVSS7.5AI score0.02239EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/10/17 9:28 a.m.17 views

CVE-2023-44310

Stored cross-site scripting XSS vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text...

9CVSS5.5AI score0.00462EPSS
Exploits0References1
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.163 views

Ninja Forms < 3.6.34 - Admin+ Stored XSS

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however the...

4.8CVSS5.6AI score0.0062EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/09/26 12:0 a.m.4 views

Apple macOS Security Breach

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14, which stems from the possibility that an application could accidentally disclose a user's credentials from a secure text field...

5.5CVSS6.5AI score0.00325EPSS
Exploits0References5
Rows per page
Query Builder