18 matches found

NVD
added 2026/03/11 9:16 p.m. · 6 views

CVE-2026-32124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator or user...

5.4 CVSS · 0.00162 EPSS
Exploits 1 · References 1
Cvelist
added 2026/03/11 8:50 p.m. · 26 views

CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator or user...

5.4 CVSS · 0.00162 EPSS
Exploits 1 · References 1
Vulnrichment
added 2026/03/11 8:50 p.m. · 2 views

CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator or user...

5.4 CVSS · 5.8 AI score · 0.00162 EPSS
Exploits 1 · References 1
CVE
added 2026/03/11 8:50 p.m. · 15 views

CVE-2026-32124

OpenEMR’s dynamic code picker (AJAX) endpoint returns code_text without HTML escaping prior to version 8.0.0.1, allowing stored XSS via a malicious description entered by an admin or a user with code management rights. The vulnerability affects the rendering in front-end components (e.g., DataTab...

5.4 CVSS · 5.8 AI score · 0.00162 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2026/03/11 12:00 a.m. · 6 views

OpenEMR cross-site scripting vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

5.4 CVSS · 5.8 AI score · 0.00162 EPSS
Exploits 1 · References 1
SUSE CVE
added 2026/03/04 12:26 a.m. · 7 views

SUSE CVE-2026-25935

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

8.6 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 3
EUVD
added 2026/03/01 12:30 a.m. · 6 views

EUVD-2026-9110

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/02/28 9:47 p.m. · 4 views

CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 3
CVE
added 2026/02/28 9:47 p.m. · 17 views

CVE-2026-28561

CVE-2026-28561 affects wpForo Forum 2.4.14 and is a stored cross-site scripting vulnerability. The issue arises from forum description fields being echoed without output escaping across multiple theme template files, allowing an attacker with admin access or in multisite contexts to set a descrip...

5.5 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2026/02/28 9:47 p.m. · 22 views

CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5 CVSS · 0.00227 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/10/07 12:00 a.m. · 4 views

PT-2024-32814 · Unknown · Wikidiscover

Name of the Vulnerable Software and Affected Versions: WikiDiscover affected versions not specified
Description: The issue concerns WikiDiscover, an extension for displaying wikis on a CreateWiki managed farm. A special page, Special:WikiDiscover, lists all wikis but fails to escape wiki names an...

7.6 CVSS · 6.2 AI score · 0.00311 EPSS
Exploits 0 · References 9
OSV
added 2022/06/30 6:15 p.m. · 4 views

CVE-2022-34778

Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or contro...

5.4 CVSS · 5.7 AI score
Exploits 0 · References 1
ATTACKERKB
added 2022/06/30 6:15 p.m. · 4 views

CVE-2022-34778

Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or contro...

5.4 CVSS · 5.8 AI score · 0.00567 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/06/30 12:00 a.m. · 4 views

PT-2022-22329 · Jenkins · Jenkins Testng Results Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TestNG Results Plugin versions 554.va4a552116332 and earlier
Description: The issue is related to a cross-site scripting (XSS) vulnerability. It occurs when the Jenkins TestNG Results Plugin renders unescaped test descriptions and...

8 CVSS · 5.2 AI score · 0.00567 EPSS
Exploits 0 · References 7
RedHat Linux
added 2022/06/17 5:40 a.m. · 4 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4 CVSS · 5.7 AI score · 0.7855 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/06/10 5:02 a.m. · 8 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4 CVSS · 5.7 AI score · 0.7855 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/05/17 12:00 a.m. · 4 views

PT-2022-20422 · Jenkins · Jenkins Random String Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Random String Parameter Plugin versions 1.0 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the name and description of Random String parameters are not escaped on vie...

5.4 CVSS · 5.1 AI score · 0.00701 EPSS
Exploits 0 · References 6
Positive Technologies
added 2021/02/24 12:00 a.m. · 3 views

PT-2021-14665 · Jenkins · Jenkins Artifact Repository Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Artifact Repository Parameter Plugin versions 1.0.0 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability because parameter names and descriptions are not escaped. This vulnerability is...

5.4 CVSS · 5.1 AI score · 0.09387 EPSS
Exploits 0 · References 10