Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/04/03 3:47 p.m.3 views

CVE-2026-35218 Budibase: Stored XSS via unsanitized entity names rendered with {@html} in Builder Command Palette

Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names tables, views, queries, automations using Svelte's @html directive without any sanitization. An authenticated user with Builder access can create a table, automation, vie...

8.7CVSS5.8AI score0.0033EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/03 3:47 p.m.22 views

CVE-2026-35218 Budibase: Stored XSS via unsanitized entity names rendered with {@html} in Builder Command Palette

Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names tables, views, queries, automations using Svelte's @html directive without any sanitization. An authenticated user with Builder access can create a table, automation, vie...

8.7CVSS0.0033EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/11 12:13 a.m.3 views

EUVD-2026-10918

Sylius Vulnerable to Authenticated Stored XSS...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 9:29 p.m.37 views

CVE-2026-31823 Sylius has Authenticated Stored XSS

Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting XSS vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs shared/breadcrumbs.html.twig: The...

4.8CVSS0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 9:29 p.m.9 views

CVE-2026-31823 Sylius has Authenticated Stored XSS

Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting XSS vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs shared/breadcrumbs.html.twig: The...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24477

Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12 through 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains an authenticated stored cross-site scripting XSS issue in multiple areas of the shop frontend and admin panel. This is due to...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References7
Rows per page
Query Builder