41 matches found

Cvelist
added yesterday · 21 views

CVE-2025-36321 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7 CVSS
Exploits 0 · References 1
CNNVD
added 2026/06/02 12:0 a.m. · 8 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper XML implementation. Remote attackers could inject arbitrary scripts or HTML through specially crafted HTML pag...

6.1 CVSS · 5.5 AI score · 0.00159 EPSS
Exploits 0 · References 3
Vulnrichment
added 2026/04/22 4:28 a.m. · 3 views

CVE-2026-40451

DeepL Chrome browser extension versions from v1.22.0 to v1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...

6.1 CVSS · 6.5 AI score · 0.00168 EPSS
Exploits 0 · References 2
NVD
added 2026/04/16 3:16 a.m. · 3 views

CVE-2026-3885

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subox' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4 CVSS · 0.0026 EPSS
Exploits 0 · References 2
CNVD
added 2026/04/07 12:0 a.m. · 7 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18377)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/dnsmasq/localdomains/, and can be exploited by an attacker to inject...

6.4 CVSS · 5 AI score · 0.00138 EPSS
Exploits 0
EUVD
added 2026/04/02 12:31 a.m. · 3 views

EUVD-2025-209184

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

4.8 CVSS · 5.9 AI score · 0.00241 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/03/17 12:2 p.m. · 6 views

CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

4.7 CVSS · 5.8 AI score · 0.00158 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/03/17 12:2 p.m. · 2 views

CVE-2025-62320

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

4.7 CVSS · 5.8 AI score · 0.00158 EPSS
Exploits 0 · References 2
UbuntuCve
added 2026/01/08 3:15 p.m. · 6 views

CVE-2026-22028

Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

9.2 CVSS · 6.1 AI score · 0.00227 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/11/06 12:0 a.m. · 8 views

PT-2025-45299

Name of the Vulnerable Software and Affected Versions: tagDiv Cloud Library versions prior to 3.9.2 Description: The tagDiv Cloud Library contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting (XSS) condition. This allows for the...

6.5 CVSS · 6.5 AI score · 0.00166 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-2156

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.01822 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-26546

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.0019 EPSS
Exploits 0 · References 1
OSV
added 2025/05/22 5:15 p.m. · 3 views

CVE-2025-33138

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

6.1 CVSS · 5.8 AI score · 0.00219 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/05/07 12:0 a.m. · 2 views

PT-2025-20228 · Unknown · Delucks Seo

Name of the Vulnerable Software and Affected Versions: DELUCKS SEO versions n/a through 2.5.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject malicious scrip...

6.5 CVSS · 6.7 AI score · 0.00169 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2025/05/06 12:15 p.m. · 4 views

CVE-2025-0984

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection. This issue...

8.2 CVSS · 5.4 AI score · 0.00263 EPSS
Exploits 0 · References 4
OSV
added 2024/12/17 9:15 p.m. · 3 views

CVE-2024-55059

A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...

6.1 CVSS · 5.8 AI score · 0.00195 EPSS
Exploits 1 · References 1
Cvelist
added 2024/10/25 8:34 a.m. · 17 views

CVE-2024-10343 Beek Widget Extention <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4 CVSS · 0.00315 EPSS
Exploits 0 · References 2
CVE
added 2024/10/17 3:59 p.m. · 49 views

CVE-2024-9414

CVE-2024-9414 affects LAquis SCADA 4.7.1.511. An improper neutralization of input during web page generation enables cross-site scripting, allowing an attacker to inject arbitrary code into the page and potentially steal cookies, redirect users, or perform unauthorized actions. LCDS/LAquis SCADA ...

7 CVSS · 6.3 AI score · 0.00624 EPSS
Exploits 0 · References 1
Veracode
added 2024/09/20 10:23 a.m. · 11 views

Improper Input Validation

Contao is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation and sanitization of user input in the canonical tag, allowing untrusted users to inject insert tags that are then rendered on the web page...

5.3 CVSS · 6.5 AI score · 0.00298 EPSS
Exploits 0 · References 6 · Affected Software 1
CNNVD
added 2024/03/18 12:0 a.m. · 3 views

BMC Control-M Security Vulnerability

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M branches 9.0.20 and 9.0.21 that allows a logged-in user to...

6.8 CVSS · 6.6 AI score · 0.00491 EPSS
Exploits 0 · References 4