Lucene search
+L

10 matches found

ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.9 views

PT-2026-54000

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A stored cross-site scripting issue exists where an authenticated attacker can execute arbitrary JavaScript in another user's browser. This occurs by injecting a crafted payload into...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References12
github
github
added 2026/06/12 7:6 p.m.13 views

TYPO3 CMS has Cross-Site Scripting in Indexed Search

Problem Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encodin...

5.1CVSS5.2AI score0.00269EPSS
Exploits0References7Affected Software2
cvelist
cvelist
added 2026/06/09 10:51 a.m.39 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS0.00269EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/09 10:51 a.m.7 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS5.5AI score0.00269EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/19 12:0 a.m.8 views

PT-2026-26360

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, t...

6.1CVSS5.8AI score0.00347EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2025/09/12 6:0 a.m.3 views

CVE-2025-3650 jQuery Colorbox <= 4.6.3 - Contributor+ Stored XSS

The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators...

5.8AI score0.00168EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/12 6:0 a.m.10 views

CVE-2025-3650 jQuery Colorbox <= 4.6.3 - Contributor+ Stored XSS

The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators...

0.00168EPSS
Exploits0References1
pypa
pypa
added 2025/06/17 11:15 a.m.4 views

PYSEC-2025-236

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

4.8CVSS5.9AI score0.00263EPSS
Exploits1References4Affected Software1
osv
osv
added 2025/06/17 11:15 a.m.5 views

PYSEC-2025-236

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

4.8CVSS5.9AI score0.00263EPSS
Exploits1References4
osv
osv
added 2021/08/23 12:15 p.m.5 views

CVE-2021-24529

The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability...

5.4CVSS6.1AI score0.0062EPSS
Exploits2References1
Rows per page
Query Builder