Lucene search
+L

30 matches found

RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.13 views

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

5.4CVSS5.5AI score0.00195EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/22 11:24 p.m.8 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

6.3CVSS5.8AI score0.00243EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 10:51 p.m.3 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

6.3CVSS5.8AI score0.00243EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/08 8:8 p.m.5 views

GHSA-M7J5-RQ9J-6JJ9 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links

Summary An unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details 1. On click, eventually subpagesnavigate event is emitted...

6.1CVSS6.2AI score0.00238EPSS
Exploits1References4
Veracode
Veracode
added 2025/10/27 11:31 a.m.9 views

SQL Injection

net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...

9.8CVSS7.8AI score0.00594EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/09/03 12:0 a.m.10 views

CVE-2025-45805

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...

0.00362EPSS
Exploits2References3
OSV
OSV
added 2025/08/19 6:56 p.m.7 views

CVE-2025-55735 flaskBlog Stored XSS Vulnerability

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...

5.3CVSS6.3AI score0.00192EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/17 12:0 a.m.6 views

PT-2024-19405 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog affected versions not specified Description: The issue is related to improper storage and rendering of user comments on the /user/ page, allowing arbitrary javascript code execution. This is due to the use of the |safe tag in the...

6.5CVSS5.5AI score0.00409EPSS
Exploits1References5
Snyk
Snyk
added 2022/04/26 8:39 a.m.2 views

Cross-site Scripting (XSS)

Overview whoogle-search is a Self-hosted, ad-free, privacy-respecting metasearch engine Affected versions of this package are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that i...

6.1CVSS5.2AI score0.009EPSS
Exploits0References2
Veracode
Veracode
added 2019/04/08 2:31 a.m.10 views

Cross-Site Scripting (XSS)

harp is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser due to unsafe rendering of markdown files...

6.2AI score
Exploits0
Rows per page
Query Builder