Lucene search
+L

18 matches found

RedhatCVE
RedhatCVE
added 2025/10/09 12:14 a.m.9 views

CVE-2025-61183

Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...

6.1CVSS7.2AI score0.00279EPSS
Exploits2References1
OSV
OSV
added 2025/10/08 3:32 p.m.5 views

GHSA-Q769-PHQG-263R VaahCMS is vulnerable to XSS through its Avatar Upload endpoint

Cross-Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...

6.1CVSS7.3AI score0.00279EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/10/08 12:0 a.m.1 views

CVE-2025-61183

Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...

6.9AI score0.00279EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/10/08 12:0 a.m.14 views

CVE-2025-61183

Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...

0.00279EPSS
Exploits2References2
CVE
CVE
added 2025/10/08 12:0 a.m.17 views

CVE-2025-61183

VaahCMS 2.3.1 is affected by a Stored XSS via the Avatar Upload endpoint in storeAvatar() of UserBase.php. The vulnerability stems from saving the uploaded file to a public path before content/MIME-type validation, allowing an attacker to place a crafted SVG that can execute script when rendered....

6.1CVSS6.9AI score0.00279EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-5723

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00342EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/05 3:6 p.m.4 views

CVE-2025-23553

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through = 1.0...

7.1CVSS5.9AI score0.00342EPSS
Exploits0References1
NVD
NVD
added 2025/03/03 2:15 p.m.8 views

CVE-2025-23553

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through = 1.0...

7.1CVSS0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.14 views

CVE-2025-23553 WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through = 1.0...

7.1CVSS0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 1:30 p.m.4 views

CVE-2025-23553 WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control allows Reflected XSS. This issue affects Userbase Access Control: from n/a through 1.0...

7.1CVSS7AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 1:30 p.m.47 views

CVE-2025-23553

CVE-2025-23553 corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin WordPress Userbase Access Control (versions

7.1CVSS5.9AI score0.00342EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.3 views

WordPress plugin Userbase Access Control 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS5.9AI score0.00342EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/20 6:9 p.m.5 views

CVE-2025-23214 Cosmos userbase checking vulnerability

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...

6.9CVSS6.6AI score0.00608EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/20 6:9 p.m.19 views

CVE-2025-23214 Cosmos userbase checking vulnerability

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...

6.9CVSS0.00608EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.5 views

WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Userbase Access Control versions = 1.0...

7.1CVSS6.1AI score0.00342EPSS
Exploits0Affected Software1
Huntr
Huntr
added 2023/01/31 2:55 p.m.13 views

xss bypass the filter

Description hi,@maintainer.The filter you use to clean xss is unsafe.Please choose an xss filter with a large number of users and a high evaluation Video link You can watch my video through this link first. link https://drive.google.com/file/d/1mh9hiDxmybLQGPw-z36qBdsEcEOoPw8/view?usp=sharelink...

0.2AI score
Exploits0
0day.today
0day.today
added 2017/07/04 12:0 a.m.67 views

Xenforo Forum CMS 1.5.13 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications +---------------------------------------------------------+ | Vulnerable Software: Xenforo Forum CMS | | Vendor: http://xenforo.com | | Vulnerability Type: Persistent XSS authenticated | | Date Released: 07/04/2017 | | Released by: MLT |...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/08/01 9:40 a.m.16 views

Twitter Gains Team From Mitro Password Management Company

Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source. Mitro’s offering a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The...

0.3AI score
Exploits0References3
Rows per page
Query Builder