
10 matches found

EUVD
added 2026/03/27 6:22 p.m. · 6 views

EUVD-2026-16862

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options...

CVSS 8.2 · AI score 5.9 · EPSS 0.00291
Exploits: 1 · References: 3
Vulnrichment
added 2026/03/24 1:23 p.m. · 4 views

CVE-2026-33311 @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options

DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options backgroundColor, fontFamily, textColor were not XML-escaped before interpolation into SVG...

CVSS 4.7 · AI score 5.8 · EPSS 0.00181
Exploits: 0 · References: 1
Cvelist
added 2026/03/24 1:23 p.m. · 20 views

CVE-2026-33311 @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options

DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options backgroundColor, fontFamily, textColor were not XML-escaped before interpolation into SVG...

CVSS 4.7 · EPSS 0.00181
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/14 12:0 a.m. · 6 views

PT-2025-33125 · WordPress · Structured Content (Json-Ld) #Wpsc

Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD wpsc WordPress plugin versions prior to 1.7.0. Description: The Structured Content JSON-LD wpsc WordPress plugin does not validate and escape certain block options before displaying them within a page or post,...

CVSS 5.4 · AI score 5.8 · EPSS 0.00157
Exploits: 0 · References: 5
OSV
added 2024/07/11 6:15 a.m. · 2 views

CVE-2024-4655

The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00447
Exploits: 1 · References: 1
CNNVD
added 2023/02/21 12:0 a.m. · 5 views

WordPress plugin ShopLentor Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 · AI score 5.4 · EPSS 0.00534
Exploits: 2 · References: 2
CNNVD
added 2022/11/21 12:0 a.m. · 5 views

WordPress plugin Popup Maker Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.5 · AI score 5.8 · EPSS 0.00622
Exploits: 2 · References: 2
WPVulnDB
added 2022/10/31 12:0 a.m. · 28 views

Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins. PoC: Create a New popup. Insert pop-up name, title, and body text. Add a new trigger with...

CVSS 5.5 · AI score 0.9 · EPSS 0.00622
Exploits: 2 · Affected Software: 1
OSV
added 2022/09/21 4:15 p.m. · 7 views

CVE-2022-41229

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 5.7 · EPSS 0.00469
Exploits: 0 · References: 1
OSV
added 2019/11/14 3:15 a.m. · 4 views

DEBIAN-CVE-2011-1930

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options...

CVSS 9.8 · AI score 9.1 · EPSS 0.20533
Exploits: 0 · References: 1