Lucene search
K

563 matches found

Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.4 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6AI score0.00189EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.3 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.10 views

PT-2026-29029

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33683

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References1
OSV
OSV
added 2026/03/25 7:52 p.m.3 views

GHSA-GHX5-7JJG-Q2J7 AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field

Summary A sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function entity-encodes input before stripspecifictags can match dangerous HTML tags, and...

5.4CVSS6AI score0.00176EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/25 7:52 p.m.6 views

AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field

Summary A sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function entity-encodes input before stripspecifictags can match dangerous HTML tags, and...

5.4CVSS6AI score0.00176EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/25 7:52 p.m.3 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the about field. An attacker can execute arbitrary JavaScript in the browsers of users who visit a maliciously crafted channel page by...

5.4CVSS5.8AI score0.00176EPSS
Exploits1References2
NVD
NVD
added 2026/03/23 7:16 p.m.4 views

CVE-2026-33683

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS0.00176EPSS
Exploits1References2
CVE
CVE
added 2026/03/23 6:41 p.m.10 views

CVE-2026-33683

WWBN AVideo (open source video platform) versions up to and including 26.0 are affected by a sanitization order-of-operations flaw in the user profile “about” field. The vulnerability enables any registered user to inject arbitrary JavaScript that runs when other users visit the attacker’s channe...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:41 p.m.2 views

CVE-2026-33683

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/23 6:41 p.m.22 views

CVE-2026-33683 AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS0.00176EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/23 6:41 p.m.2 views

CVE-2026-33683 AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References2
OSV
OSV
added 2026/03/23 6:41 p.m.6 views

CVE-2026-33683 AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27186

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description A flaw exists in the order of operations during sanitization of the user profile "about" field. This allows any registered user to inject arbitrary JavaScript that executes when other users...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a flaw in the order of cleaning operations for the about field in user profiles, which...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References2
Kaspersky
Kaspersky
added 2026/03/12 12:0 a.m.4 views

KLA90937 OSI vulnerability in Microsoft Browser

An information disclosure vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-26133 Exploitation Related products Microsoft-Edge CVE list CVE-2026-26133 high Solution Install necessary updates...

7.1CVSS5.8AI score0.00433EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.8 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50145)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50145 advisory. - macvlan: fix error recovery in macvlancommonnewlink Eric Dumazet Orabug: 39057366 CVE-2026-23209 - netfilter: nftables: fix inverted genmask che...

9.8CVSS7.1AI score0.0071EPSS
Exploits7References148
Cvelist
Cvelist
added 2026/02/08 4:2 p.m.32 views

CVE-2026-2162 itsourcecode News Portal Project aboutus.php sql injection

A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

5.8CVSS0.00318EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.6 views

News Portal Project SQL注入漏洞

News Portal Project is an open-source news portal project developed by Anuj Kumar as a personal project. Version 1.0 of News Portal Project has a SQL injection vulnerability, which arises from incorrect handling of the parameter pagetitle in the file admin/aboutus.php, potentially leading to SQL...

7.2CVSS5.8AI score0.00318EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/17 6:29 p.m.7 views

CVE-2025-15032

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

7.4CVSS6.7AI score0.00237EPSS
Exploits0References1
Rows per page
Query Builder