Lucene search
K

18 matches found

EUVD
EUVD
added 2026/06/11 12:32 a.m.11 views

EUVD-2026-36141

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.8 views

CVE-2026-53740

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.10 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.26 views

CVE-2026-53740

The CVE-2026-53740 entry describes a stored cross-site scripting flaw in Yoast Duplicate Post (through 4.6) where an unescaped post title and permalink is injected into the Classic Editor scheduled republish notice. Attackers can craft a title to cause script execution when an administrator views...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48554

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33295

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/22 5:0 p.m.27 views

CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS0.00216EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/22 5:0 p.m.2 views

CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27427

Malicious code in bioql PyPI...

10CVSS6.5AI score0.00684EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/11 7:25 p.m.6 views

CVE-2025-55730

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can edit any page. The...

10CVSS8.7AI score0.00684EPSS
Exploits0References1
CVE
CVE
added 2025/09/09 6:53 p.m.21 views

CVE-2025-55730

CVE-2025-55730 concerns XWiki Remote Macros. Versions 1.0 through 1.26.5 are affected due to missing escaping of the title in the Confluence paste code macro, which enables remote code execution for any user who can edit a page. The issue stems from the unescaped use of the classes parameter in X...

10CVSS8.1AI score0.00684EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.4 views

xwiki-pro-macros 安全漏洞

xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.26.5, which stems from a lack of escaping of the title parameter and could lead to remote code execution...

10CVSS7.6AI score0.00684EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/08 12:0 a.m.4 views

PT-2024-28433 · Unknown · Rails Admin

Name of the Vulnerable Software and Affected Versions: RailsAdmin versions prior to 3.1.3 RailsAdmin version 2.2.1 and earlier Description: The issue is caused by an improperly-escaped HTML title attribute in the list view of RailsAdmin, leading to a Cross-site Scripting XSS vulnerability. The...

6.8CVSS6AI score0.00579EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2024/05/15 2:29 a.m.5 views

SUSE CVE-2024-29894

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raisemessagejavascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...

4.7CVSS6.5AI score0.00897EPSS
Exploits1References5
OSV
OSV
added 2022/07/26 12:1 a.m.3 views

GHSA-WFVX-FX73-3RFJ markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped

This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...

6.1CVSS6.7AI score0.00514EPSS
Exploits1References2
NVD
NVD
added 2021/10/18 2:15 p.m.14 views

CVE-2021-24516

The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfilteredhtml is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...

4.8CVSS0.00618EPSS
Exploits2References1
OSV
OSV
added 2021/08/16 11:15 a.m.5 views

CVE-2021-24526

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...

5.4CVSS5.8AI score0.01091EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2018/03/15 5:29 p.m.6 views

CVE-2018-8729

Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

6.1CVSS5.5AI score0.0563EPSS
Exploits7References7
Rows per page
Query Builder