Lucene search
K

2578 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.35 views

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

6.1CVSS6.1AI score0.06652EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.8 views

CVE-2019-20804

Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account...

8.8CVSS5.9AI score0.01081EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.24 views

CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...

6.1CVSS5.9AI score0.02195EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:38 a.m.19 views

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...

4.3CVSS6AI score0.01328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.9 views

CVE-2021-33666

When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation...

6.1CVSS6AI score0.00543EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.10 views

CVE-2023-29205

XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...

9.9CVSS5.7AI score0.00588EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.10 views

CVE-2021-41249

GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1CVSS6.5AI score0.01182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:43 a.m.10 views

CVE-2022-42967

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...

9.6CVSS6AI score0.00821EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.21 views

CVE-2022-27111

JfinalCMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it...

5.4CVSS6.4AI score0.00479EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.7 views

CVE-2019-12369

The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...

6.1CVSS6AI score0.00968EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:26 a.m.17 views

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

6.1CVSS6AI score0.00922EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.7 views

CVE-2025-1434

The Spreadsheet view is vulnerable to a XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected as well as other spreadsheets still work as expected...

6.1CVSS6AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.5 views

CVE-2019-16763

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs or vbscript:, allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if...

6.1CVSS5.9AI score0.00697EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 8:15 p.m.6 views

CVE-2025-67734

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...

5.4CVSS0.00138EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/11 8:41 a.m.6 views

URL Validation Bypass

validator.js is vulnerable to a URL Validation Bypass. The vulnerability is due to isURL using :// instead of : to parse protocols, allowing attackers to craft URLs that bypass protocol and domain checks and potentially enable XSS or open-redirect attacks...

6.1CVSS6.4AI score0.00302EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-1989

Malware in sbrugna...

6.1CVSS6.3AI score0.00943EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-4771

Malware in sbrugna...

6.1CVSS6.3AI score0.00459EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-8901

Malware in sbrugna...

5.4CVSS5.5AI score0.00531EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-9253

Malware in sbrugna...

6.5CVSS6.6AI score0.01096EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20706

Malware in sbrugna...

6.1CVSS6.3AI score0.01052EPSS
Exploits0References3
Rows per page
Query Builder