
8 matches found

RedhatCVE
added 2026/03/26 5:5 p.m., 4 views

CVE-2026-25309

Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Authors: from n/a through = 4.10.1...

CVSS 7.5, AI score 5.8, EPSS 0.00287
Exploits 0, References 1
CNNVD
added 2026/02/19 12:0 a.m., 8 views

WordPress plugin PublishPress Authors Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 4.3, AI score 5.8, EPSS 0.00185
Exploits 0, References 1
CVE
added 2026/02/03 6:9 p.m., 16 views

CVE-2026-25490

CVE-2026-25490 describes a stored XSS in Craft Commerce (Craft CMS) affecting versions 4.0.0-RC1–4.10.0 and 5.0.0–5.5.1. The vulnerability stems from improper sanitization of the Address Line 1 field in Inventory Locations, allowing malicious JavaScript to run in an administrator’s browser when t...

CVSS 6.1, AI score 5.5, EPSS 0.00261
Exploits 1, References 4, Affected Software 1
OSV
added 2026/02/03 6:6 p.m., 5 views

CVE-2026-25485 Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...

CVSS 6.2, AI score 5.5, EPSS 0.00261
Exploits 1, References 6
OSV
added 2025/12/15 12:30 a.m., 7 views

GHSA-774Q-R975-VQWP Mayan EDMS is vulnerable to XSS through the /authentication/ file

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

CVSS 5.3, AI score 3.9, EPSS 0.00392
Exploits 1, References 12
Positive Technologies
added 2025/09/22 12:0 a.m., 9 views

PT-2025-38927

Name of the Vulnerable Software and Affected Versions: artbees JupiterX Core versions through 4.10.1. Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious code can be...

CVSS 6.5, AI score 6.2, EPSS 0.00196
Exploits 0, References 3
CNVD
added 2019/04/28 12:0 a.m., 3 views

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2019-12692)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.6.0 through 4.10.1, which originates from...

CVSS 5.4, AI score 6.4, EPSS 0.00835
Exploits 0, References 1
CNVD
added 2019/04/28 12:0 a.m., 4 views

Cybozu Garoon Privilege Access Control Issue Vulnerability (CNVD-2019-12697)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A vulnerability exists in Cybozu Garoon versions 4.0.0 to 4.10.1 due to privilege permission and access control...

CVSS 4.3, AI score 6.6, EPSS 0.01129
Exploits 0, References 1