Lucene search
K

2052 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.8 views

CVE-2022-42746

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS6.1AI score0.01117EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.8 views

CVE-2022-42747

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS6.1AI score0.01071EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.8 views

CVE-2022-0771

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections...

9.8CVSS7.2AI score0.01602EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.8 views

CVE-2022-35227

A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...

6.1CVSS6.8AI score0.00675EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.9 views

CVE-2019-18219

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...

6.1CVSS6.8AI score0.00856EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.9 views

CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

6.1CVSS6.2AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.21 views

CVE-2025-23032

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarescala.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts int...

6.4CVSS5.4AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.20 views

CVE-2025-23038

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the remuneracao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into th...

6.4CVSS5.4AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.10 views

CVE-2025-23030

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the cadastrofuncionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

6.4CVSS6AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.12 views

CVE-2025-23035

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionartipoquadrohorario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

6.4CVSS5.4AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.14 views

CVE-2025-23031

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionaralergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

6.4CVSS5.4AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.7 views

CVE-2025-40980

A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a speciall...

5.1CVSS5.8AI score0.0049EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.12 views

CVE-2020-7809

ALSong 3.46 and earlier version contain a Document Object Model DOM based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Albumsab file...

6.1CVSS6.3AI score0.00631EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.17 views

CVE-2020-24902

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting XSS caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...

6.1CVSS6.1AI score0.02852EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.13 views

CVE-2024-2259

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerabl...

6.4CVSS6.1AI score0.00499EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/31 10:5 p.m.53 views

serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

7.5CVSS9.4AI score0.01944EPSS
Exploits2References6Affected Software1
CNVD
CNVD
added 2025/11/25 12:0 a.m.7 views

WordPress HT Mega plugin cross-site scripting vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

6.4CVSS5.9AI score0.00186EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/11/22 5:56 a.m.11 views

U.S. Dept Of Defense: Cross-Site Scripting via URL on ████████

A Cross-Site Scripting XSS vulnerability was discovered on a specific system through the GET method. The vulnerability allowed the injection of malicious scripts that could be executed. The provided payload demonstrated the vulnerability. The system host and affected products and versions were no...

6.2AI score
Exploits0
NVD
NVD
added 2025/11/06 9:15 p.m.5 views

CVE-2025-12489

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS0.01386EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-6867

Malware in sbrugna...

6.1CVSS6.3AI score0.00801EPSS
Exploits0References2
Rows per page
Query Builder