Lucene search
K

176 matches found

Snyk
Snyk
added 2025/09/23 6:44 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Prompt module when commands return raw HTML. An attacker can execute arbitrary scripts in the context of a user's browser by submitting malicious input that is processed through certain commands. Details...

9CVSS5.7AI score0.0051EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/22 9:51 p.m.4 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Biography field. An attacker can execute arbitrary JavaScript code in the context of the website...

6.3CVSS5.3AI score0.00166EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/23 9:44 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown field in the info tab page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious content. Details Cross-site scripting or XSS is a code...

5.1CVSS5.4AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2025/07/10 8:15 p.m.5 views

CVE-2025-45662

A cross-site scripting XSS vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

6.1CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 2025/07/10 12:0 a.m.28 views

CVE-2025-45662

CVE-2025-45662 affects mpgram-web (commit 94baadb) with a vulnerability in /master/login.php enabling cross-site scripting (XSS). An attacker can inject arbitrary Javascript in the victim’s browser. Documented impact: JavaScript execution in user context; CVSSv3.1 base score 6.1 (Medium) with net...

6.1CVSS5.8AI score0.00231EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/07/02 5:2 a.m.12 views

CVE-2025-52462

Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL...

6.1CVSS0.00193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/30 9:16 a.m.3 views

CVE-2025-41439

A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...

6.1CVSS6.5AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/17 12:0 a.m.8 views

CVE-2025-45879

A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/17 12:0 a.m.8 views

CVE-2025-45879

A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

5.9AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2025/06/16 8:15 a.m.11 views

CVE-2025-4987

A stored Cross-site Scripting XSS vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS0.0035EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/05 3:10 a.m.5 views

Cross-site Scripting (XSS)

github.com/forceu/gokapi is vulnerable to stored cross-site scripting XSS. The vulnerability is due to insufficient sanitization and validation of filenames with embedded JavaScript, allows an attacker to execute malicious JavaScript code in the context of other users’ browsers...

5.4CVSS6AI score0.0014EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/05/30 3:15 p.m.8 views

CVE-2025-4992

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/30 6:36 a.m.14 views

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

5.4CVSS0.00198EPSS
Exploits0References2
Veracode
Veracode
added 2025/05/27 4:51 a.m.10 views

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to uploaded SVG files containing scripts that, when rendered inline. It allows an attacker to execute malicious scripts in the context of the user’s browser...

6.1CVSS6.1AI score0.00244EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/05/23 4:15 p.m.11 views

CVE-2024-51099

A reflected cross-site scripting XSS vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchda...

6.1CVSS0.00274EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:29 a.m.9 views

CVE-2024-44778

A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

9.6CVSS6AI score0.00691EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.12 views

CVE-2024-27083

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

6.1CVSS5.8AI score0.00567EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:15 a.m.8 views

CVE-2024-30419

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

5.4CVSS6.7AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:40 a.m.4 views

CVE-2024-23782

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...

5.4CVSS6.7AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:32 a.m.10 views

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8CVSS5.4AI score0.00769EPSS
Exploits2References1
Rows per page
Query Builder