Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 2:50 p.m.10 views

CVE-2026-41576 Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 2:50 p.m.34 views

CVE-2026-41576 Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-39140

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description The contact form is publicly accessible without authentication. User-supplied message text is processed by the nl2br function, which converts newlines to tags but fails to escape HTML. Thi...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.33 views

CVE-2026-37503

Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...

6.9CVSS0.00191EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.6 views

CVE-2026-27639

Mercator is an open source web application designed to enable mapping of information systems. A stored Cross-Site Scripting XSS vulnerability exists in Mercator prior to version 2026.02.22 due to the use of unescaped Blade directives !! !! in display templates. An authenticated user with the User...

8.5CVSS5.6AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/25 3:44 a.m.5 views

EUVD-2026-8613

Mercator is an open source web application designed to enable mapping of information systems. A stored Cross-Site Scripting XSS vulnerability exists in Mercator prior to version 2026.02.22 due to the use of unescaped Blade directives !! !! in display templates. An authenticated user with the User...

8.5CVSS5.6AI score0.00279EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/25 3:44 a.m.24 views

CVE-2026-27639 Mercator vulnerable to stored XSS via unescaped Blade directives in display templates

Mercator is an open source web application designed to enable mapping of information systems. A stored Cross-Site Scripting XSS vulnerability exists in Mercator prior to version 2026.02.22 due to the use of unescaped Blade directives !! !! in display templates. An authenticated user with the User...

8.5CVSS0.00279EPSS
Exploits0References4
CVE
CVE
added 2026/02/25 3:44 a.m.10 views

CVE-2026-27639

CVE-2026-27639 concerns Mercator, an open‑source web app for mapping information systems. A stored XSS exists in versions prior to 2026.02.22 due to unescaped Blade directives ({!! !!}) in display templates. An authenticated user with the User role can inject JavaScript into fields like “contact ...

8.5CVSS5.6AI score0.00279EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder