835 matches found

CVE
added 4 hours ago, 6 views

CVE-2026-12135

The CVE-2026-12135 entry concerns the FV Flowplayer Video Player plugin for WordPress. Affected versions are all releases up to 7.5.51.7212, where a Stored Cross-Site Scripting vulnerability exists in the video_player shortcode align attribute due to insufficient input sanitization and output esc...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 6
Patchstack
added yesterday, 3 views

WordPress FV Flowplayer Video Player plugin <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FV Flowplayer Video Player versions <= 7.5.51.7212...

CVSS 6.4, AI score 5.8
Exploits: 0, References: 1, Affected Software: 1
Nuclei
added yesterday, 178 views

WordPress HTML5 Video Player - SQL Injection

WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd severity: critical description: | WordPress HTM...

CVSS 9.8, AI score 7.3, EPSS 0.11125
Exploits: 1, References: 5
Nuclei
added yesterday, 123 views

WordPress HTML5 Video Player < 2.5.27 - SQL Injection

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks id: CVE-2024-5522 info: name: WordPress HTML5 Video Player 2.5.27 - SQL Injection...

CVSS 6.5, AI score 5.8, EPSS 0.02639
Exploits: 6, References: 2
NVD
added 2026/06/15 9:17 p.m., 9 views

CVE-2026-49773

Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...

CVSS 6.5, EPSS 0.00166
Exploits: 0, References: 1
EUVD
added 2026/06/15 8:19 p.m., 7 views

EUVD-2026-36894

Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...

CVSS 6.5, AI score 5.1, EPSS 0.00166
Exploits: 0, References: 1
Positive Technologies
added 2026/06/15 12:0 a.m., 14 views

PT-2026-49344

Name of the Vulnerable Software and Affected Versions: FV Flowplayer Video Player versions prior to 7.5.51.7212. Description: Cross Site Scripting (XSS) is possible for users with the Subscriber role. This issue allows an attacker to inject malicious scripts into web pages viewed by other users...

CVSS 6.5, AI score 5.1, EPSS 0.00166
Exploits: 0, References: 3
Patchstack
added 2026/06/09 12:22 p.m., 8 views

WordPress FV Flowplayer Video Player plugin <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin FV Flowplayer Video Player versions <= 7.5.49.7212...

CVSS 7.2, AI score 5.4, EPSS 0.00241
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/06/05 7:16 p.m., 11 views

CVE-2026-46496

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the <video-player> component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

CVSS 9.3, EPSS 0.0023
Exploits: 0, References: 1
EUVD
added 2026/06/05 6:46 p.m., 11 views

EUVD-2026-34892

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the <video-player> component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

CVSS 9.3, AI score 5.5, EPSS 0.0023
Exploits: 0, References: 1
Cvelist
added 2026/06/05 6:46 p.m., 37 views

CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the <video-player> component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

CVSS 9.3, EPSS 0.0023
Exploits: 0, References: 1
Vulnrichment
added 2026/06/05 6:46 p.m., 6 views

CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the <video-player> component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

CVSS 9.3, AI score 5.5, EPSS 0.0023
Exploits: 0, References: 1
CVE
added 2026/06/05 6:46 p.m., 21 views

CVE-2026-46496

HAX CMS is affected by a stored XSS in the <video-player> component. Versions prior to 26.0.0 fail to sanitize input in the source/source-data attributes, allowing javascript: URIs that execute attacker-controlled JavaScript in victims’ browsers. This can lead to token exposure (e.g., JWTs) and other sensitive...

CVSS 9.3, AI score 5.5, EPSS 0.0023
Exploits: 0, References: 1
CNNVD
added 2026/06/05 12:0 a.m., 8 views

HAXCMS Security Vulnerability

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of the video-player component, which could allow attackers to execute arbitrary JavaScript in th...

CVSS 9.3, AI score 5.8, EPSS 0.0023
Exploits: 0, References: 2
Patchstack
added 2026/06/04 12:54 p.m., 7 views

WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Jakub Herman in WordPress Plugin FV Flowplayer Video Player versions < 7.5.51.7212...

CVSS 6.5, AI score 5.5, EPSS 0.00166
Exploits: 0, Affected Software: 1
Snyk
added 2026/05/19 2:46 p.m., 10 views

Cross-site Scripting (XSS)

Overview: @haxtheweb/video-player is an Automated conversion of video-player/. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the...

CVSS 9.3, AI score 5.8, EPSS 0.0023
Exploits: 0, References: 2
Github Security Blog
added 2026/05/19 2:44 p.m., 13 views

HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

Summary: A stored cross-site scripting (XSS) vulnerability exists in HAX CMS due to improper sanitization of the <video-player> component. The component allows javascript: URIs in the source attribute, which are executed when the page is viewed. This enables attackers to execute arbitrary JavaScript in the context...

CVSS 9.3, AI score 6, EPSS 0.0023
Exploits: 0, References: 3, Affected Software: 2
Snyk
added 2026/05/19 2:44 p.m., 7 views

Cross-site Scripting (XSS)

Overview: @haxtheweb/video-player is an Automated conversion of video-player/. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the video-player component's source and source-data attributes. An attacker can execute arbitrary JavaScript in the victim's browser and...

CVSS 9.3, AI score 5.7, EPSS 0.0023
Exploits: 0, References: 2
Snyk
added 2026/05/19 2:44 p.m., 7 views

Cross-site Scripting (XSS)

Overview: @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the video-player component's source and source-data attributes. An attacker can execute arbitrary JavaScript in the victim's browser and access sensitive...

CVSS 9.3, AI score 5.7, EPSS 0.0023
Exploits: 0, References: 2
OSV
added 2026/05/19 2:44 p.m., 4 views

GHSA-2M6P-HM3W-6JM3 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

Summary: A stored cross-site scripting (XSS) vulnerability exists in HAX CMS due to improper sanitization of the <video-player> component. The component allows javascript: URIs in the source attribute, which are executed when the page is viewed. This enables attackers to execute arbitrary JavaScript in the context...

CVSS 5.1, AI score 6, EPSS 0.0023
Exploits: 0, References: 3