Lucene search
+L

175015 matches found

Nuclei
Nuclei
added 10 hours ago32 views

JustRows WordPress - Cross-Site Scripting

JustRows free WordPress plugin v0.2 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS8AI score0.00552EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago43 views

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

8.8CVSS8.1AI score0.01856EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago74 views

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

6.1CVSS6AI score0.02285EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2 days ago5 views

Fedora 44 : roundcubemail (2026-517daa8d64)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-517daa8d64 advisory. Release 1.7.2 - Add HEAD request handler to the static.php - Fix so the oauthpasswordclaim claim is retrieved via token or userinfo request 9631 - F...

10CVSS6.2AI score0.00276EPSS
Exploits0References7
CVE
CVE
added 4 days ago13 views

CVE-2026-44760

The CVE-2026-44760 entry concerns a Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP-based applications that use the Business Server Pages framework. The vulnerability arises from unsanitized input being reflected in the HTTP response, enabling an attacker to inject and execute...

4.7CVSS6.3AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 5 days ago5 views

CVE-2026-58500 MCP Appium: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)

MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In versions prior to 1.85.10, the createLocatorGeneratorUI function interpolates attacker-controlled element attributes — text, content-desc, resource-id, and locator selector...

8.2CVSS6.2AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 5 days ago7 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS6.2AI score0.00382EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2024-24347

GeoNode: Stored XSS to full account takeover...

6.1CVSS6.4AI score0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 4:37 p.m.30 views

CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 9:32 p.m.38 views

CVE-2026-55877 Symfony UX: XSS in symfony/ux-icons via unsanitized SVG content in local files and Iconify on-demand responses

Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the uxicon Twig function is marked issafe='html' and Icon::toHtml inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested...

6.1CVSS0.00194EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/08 9:32 p.m.7 views

CVE-2026-55877

Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the uxicon Twig function is marked issafe='html' and Icon::toHtml inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/08 4:14 p.m.4 views

CVE-2026-59923 Mistune: XSS via percent-encoded javascript URI bypass in safe_url()

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/07/08 9:2 a.m.5 views

WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Loops & Logic versions = 4.2.3...

6.5CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/07 7:16 p.m.17 views

CVE-2026-48949

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 7:16 p.m.9 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 7:16 p.m.8 views

CVE-2026-48949

Lack of validation leads to an XSS vulnerability in the MFA management views...

6.1CVSS6AI score
Exploits0References1
OSV
OSV
added 2026/07/07 7:16 p.m.4 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

6.1CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/07 5:33 p.m.11 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:31 p.m.13 views

CVE-2026-48950

CVE-2026-48950 affects Joomla! Core via the file management view in com_templates. The root cause is lack of escaping, enabling an XSS vulnerability. Multiple sources (NVD, CVE lists, and Joomla security advisory) confirm an XSS in the core component with the vulnerable entry labeled for core/com...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:31 p.m.37 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
Rows per page
Query Builder