Lucene search
K

841 matches found

NVD
NVD
added 2026/03/05 4:15 a.m.12 views

CVE-2026-3034

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the obspaceratlink, obbbadlink, and obteleporterlink URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00197EPSS
Exploits0References5
CVE
CVE
added 2026/03/05 3:23 a.m.34 views

CVE-2026-3034

CVE-2026-3034 — OoohBoi Steroids for Elementor (WordPress) supports Stored Cross-Site Scripting via _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link parameters in all versions up to 2.1.24. The vulnerability permits authenticated attackers with Contributor-level access or higher to injec...

6.4CVSS6.1AI score0.00197EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.11 views

WordPress plugin OoohBoi Steroids for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00197EPSS
Exploits0References5
OSV
OSV
added 2026/02/19 11:16 p.m.8 views

CVE-2025-13672

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References2
CVE
CVE
added 2026/02/19 10:36 p.m.15 views

CVE-2025-13672

The CVE-2025-13672 entry describes a Reflected XSS in OpenText Web Site Management Server, affecting versions 16.7.0 and 16.7.1 . The issue arises from improper neutralization of input during web page generation, allowing malicious JavaScript to be injected via URL parameters and rendered in the ...

7CVSS5.5AI score0.00202EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 3:4 a.m.2 views

CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/02/10 3:4 a.m.10 views

CVE-2026-24323

CVE-2026-24323 affects BSP applications of SAP Document Management System. An unauthenticated user can inject malicious script via user-controlled URL parameters that are not sufficiently sanitized, causing script execution in the victim’s browser. Impact is described as low for confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References2Affected Software3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.9 views

SAP E-Recruiting BSP 跨站脚本漏洞

SAP E-Recruiting BSP is a recruitment process management module provided by the German company SAP. SAP E-Recruiting BSP has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of user-controlled URL parameters, which may lead to unvalidated redirections to...

6.1CVSS5.6AI score0.00211EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/06 12:55 p.m.172 views

XSS-Scanner

XSS-Scanner This is a Cross Site Scripting Vulnerability scann...

5.3AI score
Exploits0
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

WordPress plugin Events Listing Widget 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.6 views

WordPress plugin Frontis Blocks: Code-related vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.9AI score0.00324EPSS
Exploits0References5
NVD
NVD
added 2026/01/20 7:15 a.m.5 views

CVE-2025-66523

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16...

6.1CVSS0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

SAP NetWeaver Enterprise Portal 跨站脚本漏洞

SAP NetWeaver Enterprise Portal is a web front-end component of SAP NetWeaver from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal, which originates from an unauthenticated attacker being able to inject malicious scripts into URL parameters, which coul...

6.1CVSS5.7AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.8 views

CVE-2020-10246

MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statisticsorgs.ctp...

6.1CVSS5.8AI score0.00835EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.9 views

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS6.4AI score0.01493EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.9 views

PT-2025-53337

Name of the Vulnerable Software and Affected Versions Teradek VidiU Pro version 3.0.3 Description The software contains a server-side request forgery issue in the management interface. Attackers can manipulate GET parameters url and xml url to bypass firewalls, perform network enumeration, and...

6.9CVSS6.7AI score0.00301EPSS
Exploits2References5
EUVD
EUVD
added 2025/12/20 6:30 a.m.5 views

EUVD-2025-204623

The Attachments Handler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS5.2AI score0.00204EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 12:30 a.m.5 views

EUVD-2024-55344

xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...

8.7CVSS6.4AI score0.01034EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/12/09 5:24 p.m.5 views

Shopware Storefront Reflected XSS in Storefront Login Page

Impact By exploiting the XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the affected user. Some examples of this include, but are not limited to: Obtaining user session tokens. Performing administrative actions when an...

7.1CVSS6.6AI score0.00158EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

SAP BusinessObjects Business Intelligence Platform 安全漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References2
Rows per page
Query Builder