Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.5 views

CVE-2026-23476

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...

5.4CVSS5.4AI score0.00255EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 8:49 p.m.5 views

CVE-2026-23476

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...

5.4CVSS5.4AI score0.00255EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 9:18 p.m.6 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS5.8AI score0.00698EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.3 views

SUSE CVE-2005-3570

Unspecified cross-site scripting XSS vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages"...

4.3CVSS5.8AI score0.0171EPSS
Exploits0References4
OSV
OSV
added 2022/07/25 2:15 p.m.6 views

UBUNTU-CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS5.8AI score0.00698EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.12 views

PT-2019-11804 · Jenkins · Jenkins Log Parser Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Log Parser Plugin versions 2.0 and earlier Description: The issue is related to a cross-site scripting vulnerability. It occurs because an error message is not properly escaped, allowing exploitation by users who can define log parsin...

5.4CVSS5.1AI score0.00882EPSS
Exploits0References6
Rows per page
Query Builder