Lucene search
+L

5 matches found

attackerkb
attackerkb
added 6 hours ago3 views

CVE-2026-46686

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS6AI score0.0003EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2024/11/21 12:0 a.m.7 views

PT-2024-35155

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2024.8.5 authentik version 2024.8.5 and 2024.10.3 are not affected, but all versions prior to 2024.8.5 are vulnerable. However, the correct interpretation is that versions prior to 2024.8.5 are affected. Corrected...

9.8CVSS5.8AI score0.0106EPSS
Exploits0References11
prion
prion
added 2022/08/18 11:15 p.m.11 views

Design/Logic Flaw

lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the messagekey value...

7.5CVSS9.4AI score0.01035EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2021/10/26 12:0 a.m.5 views

PT-2021-23436 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.28 Description: The issue allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. Recommendations: For versions prior to 1.8.28, update to version 1.8....

5.4CVSS5.2AI score0.00477EPSS
Exploits0References7
hackerone
hackerone
added 2020/09/28 2:21 p.m.19 views

Open-Xchange: XSS - Search - Unescaped contact job

The function responsible for formatting the contact's job company and position doesn't escape its value, which allows to inject arbitrary HTML content. javascript // master/ui/apps/io.ox/contacts/common-extensions.js // develop/ui/apps/io.ox/contacts/listview.js bright: function baton var text =...

0.6AI score
Exploits0
Rows per page
Query Builder