Lucene search
+L

4 matches found

OSV
OSV
added 2026/03/27 11:55 a.m.3 views

CVE-2026-25100 Stored XSS via SVG File Upload in Bludit

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

4.8CVSS5.9AI score0.01919EPSS
Exploits4References6
CVE
CVE
added 2024/11/26 7:37 a.m.79 views

CVE-2024-33610

CVE-2024-33610 affects Sharp Multifunction Printers. Pre-authentication exposure allows listing of session cookies via both sessionlist.html (no authentication) and related admin page artifacts, enabling potential session hijacking or unauthorized access. The Nuclei template notes a backdoor-like...

9.1CVSS6.8AI score0.45142EPSS
Exploits1References7
Prion
Prion
added 2022/01/21 7:15 p.m.25 views

Default configuration

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings...

5CVSS6.3AI score0.00802EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/05 2:29 p.m.6 views

CVE-2016-9490

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...

6.1CVSS5.8AI score0.01732EPSS
Exploits0References4
Rows per page
Query Builder