CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

246 matches found

Snyk•added 2026/01/16 9:2 p.m.•1 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:value of server-side rendered elements when user-supplied content is not properly escaped. An attacker can execute arbitrary scripts in the context...

6.1CVSS5.6AI score

Exploits0References2

Github Security Blog•added 2026/01/16 9:2 p.m.•11 views

svelte is vulnerable to XSS with textarea bind:value

Summary A server-side rendered with two-way bound value does not have its value correctly escaped in the rendered HTML. Details In SSR, does not have its value escaped when it is rendered into the HTML as .... PoC Put this in a server-side-rendered Svelte component: let value = test'"alert'BIM';;...

6.7AI score

Exploits0References3Affected Software1

EUVD•added 2026/01/16 9:2 p.m.•3 views

EUVD-2026-2911

svelte is vulnerable to XSS with textarea bind:value...

5.9AI score

Exploits0References3

OSV•added 2026/01/16 9:2 p.m.•1 views

GHSA-GW32-9RMW-QWWW svelte is vulnerable to XSS with textarea bind:value

8.4CVSS5.8AI score

Exploits0References3

RedhatCVE•added 2026/01/09 9:56 a.m.•6 views

CVE-2020-12635

XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...

6.1CVSS6.1AI score0.00724EPSS

Exploits1References1

RedhatCVE•added 2025/12/25 9:17 p.m.•2 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

6.4CVSS6.3AI score0.00151EPSS

Exploits0References1

OSV•added 2025/12/24 9:16 p.m.•3 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

6.4CVSS6.2AI score

Exploits0References1

Vulnrichment•added 2025/12/24 8:19 p.m.•4 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

6.4CVSS5.9AI score0.00151EPSS

Exploits0References1

CNNVD•added 2025/12/24 12:0 a.m.•3 views

ONLYOFFICE Docs 跨站脚本漏洞

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs versions prior to 9.2.1, which stems from cross-site scripting in the textarea of the comment edit form...

6.4CVSS6AI score0.00151EPSS

Exploits0References2

Positive Technologies•added 2025/11/13 12:0 a.m.•3 views

PT-2025-53379

Name of the Vulnerable Software and Affected Versions ONLYOFFICE Docs versions prior to 9.2.1 Description The software contains a flaw that allows for Cross-Site Scripting XSS within the textarea of the comment editing form. This issue is related to the DocumentServer component. Recommendations...

6.4CVSS5.8AI score0.00151EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-4936

Malware in sbrugna...

6.1CVSS6.3AI score0.00724EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-2311

Malware in sbrugna...

4.3CVSS6.1AI score0.01289EPSS

Exploits1References10