Lucene search

25 matches found

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-58579

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

CVSS 5.4 | AI score 5.9 | EPSS 0.00182
Exploits 0 | References 6
NVD
added 2026/06/21 2:16 p.m., 12 views

CVE-2026-56393

Craft CMS 4.x = 4.0.0-RC1, = 5.0.0-RC1, 5.9.0-beta.1 contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization, e.g., via the checkbox.twig template, which used `label|raw`. An authenticated administrator with...

CVSS 4.8 | EPSS 0.00183
Exploits 0 | References 4
OSV
added 2026/06/05 8:42 a.m., 6 views

BIT-APPSMITH-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

CVSS 6.3 | AI score 6.3 | EPSS 0.00341
Exploits 2 | References 7
Positive Technologies
added 2026/06/02 12:00 a.m., 14 views

PT-2026-45788

Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 2.1. Description: The SQL query editor's autocomplete functionality fails to sanitize database object names before rendering them using innerHTML. This allows an authenticated Developer with access to a shared PostgreS...

CVSS 6.3 | AI score 5.9 | EPSS 0.00341
Exploits 2 | References 12
Snyk
added 2026/05/29 1:18 p.m., 7 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the project selector component when rendering selection menus for associating projects with system entities, due to improper sanitization of project names returned via AJAX before injecting them into the DOM a...

CVSS 6.1 | AI score 5.5 | EPSS 0.00133
Exploits 0 | References 2
NVD
added 2026/05/27 8:16 p.m., 18 views

CVE-2026-42197

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

CVSS 8.7 | EPSS 0.0031
Exploits 0 | References 3
Cvelist
added 2026/05/15 9:01 p.m., 38 views

CVE-2026-44566 Open WebUI: Arbitrary File Upload and Path Traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a prompt, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows users to upload files with...

CVSS 7.3 | EPSS 0.00336
Exploits 1 | References 1
NVD
added 2026/05/14 7:16 p.m., 38 views

CVE-2026-44522

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

CVSS 8.6 | EPSS 0.00495
Exploits 0 | References 1
Vulnrichment
added 2026/05/14 6:44 p.m., 8 views

CVE-2026-44522 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

CVSS 8.6 | AI score 6 | EPSS 0.00495
Exploits 0 | References 1
CVE
added 2026/04/29 1:31 p.m., 40 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier is vulnerable due to failure to sanitize file names for file and zip file credentials, enabling a job’s credentials to write files to arbitrary locations on the node filesystem and potentially enabling remote code execution if a lo...

CVSS 7.5 | AI score 6.5 | EPSS 0.00411
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/03/26 3:07 p.m., 4 views

CVE-2026-31823

Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs (shared/breadcrumbs.html.twig): The...

CVSS 4.8 | AI score 5.8 | EPSS 0.00142
Exploits 0 | References 1
Github Security Blog
added 2026/03/11 12:13 a.m., 5 views

Sylius Vulnerable to Authenticated Stored XSS

Impact: An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs (shared/breadcrumbs.html.twig): The breadcrumbs macro uses the Twig |raw filter on...

CVSS 4.8 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2026/01/10 5:40 a.m., 4 views

CVE-2026-22257

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8 | AI score 6.3 | EPSS 0.003
Exploits 1 | References 1
OSV
added 2026/01/08 6:22 p.m., 5 views

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8 | AI score 6.2 | EPSS 0.003
Exploits 1 | References 4
RedhatCVE
added 2025/12/24 10:29 p.m., 4 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

CVSS 9.9 | AI score 8.8 | EPSS 0.0376
Exploits 1 | References 1
OSV
added 2025/11/25 6:12 p.m., 3 views

GO-2025-4158 LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction in github.com/lf-edge/ekuiper

LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction in github.com/lf-edge/ekuiper...

AI score 6.9
Exploits 0 | References 3
RedhatCVE
added 2025/05/23 9:01 a.m., 6 views

CVE-2024-6792

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page...

CVSS 3.5 | AI score 6.8 | EPSS 0.00355
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 8:38 a.m., 6 views

CVE-2024-32468

Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the deno_doc crate which led to Self-XSS with deno doc --html. 1. XSS in generated search_index.js: deno_doc outputs a JavaScript file for searching. However, the generated file...

CVSS 5.4 | AI score 5.5 | EPSS 0.00325
Exploits 0 | References 1
CNNVD
added 2024/09/25 12:00 a.m., 5 views

Concrete CMS Cross-Site Scripting Vulnerability

Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A cross-site scripting vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.3 and prior to 8.5.19. The vulnerability stems from the calendar event names not being cleaned up during...

CVSS 5.4 | AI score 5.7 | EPSS 0.00459
Exploits 0 | References 6
OSV
added 2022/07/26 10:15 p.m., 2 views

CVE-2022-27105

InMailX Outlook Plugin 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML / JavaScript in the Outlook of users...

CVSS 5.4 | AI score 6.1 | EPSS 0.00611
Exploits 0 | References 3