44 matches found

RedhatCVE
added 2026/01/09 12:30 p.m. · 6 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...

5.4 CVSS · 6.7 AI score · 0.0148 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/01/05 5:44 p.m. · 2 views

CVE-2025-59158 Coolify has Stored XSS in Project Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges e.g....

9.4 CVSS · 5.2 AI score · 0.00474 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/12/31 8:00 p.m. · 6 views

CVE-2025-69210

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...

5.1 CVSS · 6.2 AI score · 0.00981 EPSS
Exploits 2 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2020-21525

Malware in sbrugna...

5.4 CVSS · 5.6 AI score · 0.0055 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-21699

Malicious code in bioql PyPI...

8.2 CVSS · 6.6 AI score · 0.0035 EPSS
Exploits 1 · References 1
CVE
added 2025/08/27 4:48 p.m. · 23 views

CVE-2025-34157

CVE-2025-34157 concerns Coolify. A stored XSS in the project-creation workflow affects versions prior to 4.0.0-beta.420.6. An authenticated user with low privileges can craft a project name containing JavaScript, which, when an administrator deletes the project, executes in the admin context, enabl...

9.4 CVSS · 5.3 AI score · 0.00448 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2025/07/16 2:15 p.m. · 3 views

CVE-2025-53923

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization, it is possible to inject HTML/JS code into keywor...

8.2 CVSS · 0.0035 EPSS
Exploits 1 · References 1
Snyk
added 2025/06/17 11:42 a.m. · 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the displayablelinksjs function. An attacker can execute arbitrary JavaScript code in the context of another authenticated admin user's browser by creating a blog post with a crafted title and tricking the...

4.8 CVSS · 5.3 AI score · 0.00263 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/22 8:59 p.m. · 3 views

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

6.1 CVSS · 6.7 AI score · 0.02308 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/03 12:00 a.m. · 4 views

PT-2025-3005 · Nradio · Nradio N8-180 Nros

Name of the Vulnerable Software and Affected Versions: NRadio N8-180 NROS version 1.9.2.n3.c5 Description: An issue was discovered in NRadio devices, where the "/cgi-bin/luci/nradio/basic/radio" endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters. This allows an attacker to...

6.1 CVSS · 5.6 AI score · 0.00303 EPSS
Exploits 0 · References 6
OSV
added 2024/07/24 3:15 p.m. · 1 views

CVE-2024-41914

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

9 CVSS · 6 AI score · 0.00543 EPSS
Exploits 0 · References 1
OSV
added 2023/12/13 7:15 p.m. · 6 views

CVE-2023-6790

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface...

6.1 CVSS · 5.8 AI score · 0.00659 EPSS
Exploits 0 · References 1
OSV
added 2023/08/22 7:16 p.m. · 4 views

CVE-2023-37425

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

6.1 CVSS · 6 AI score · 0.0039 EPSS
Exploits 0 · References 1
OSV
added 2023/08/22 7:16 p.m. · 4 views

CVE-2023-37423

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute...

5.4 CVSS · 5.8 AI score · 0.00421 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/01/03 12:00 a.m. · 4 views

PT-2023-14235 · Aruba · Aruba Edgeconnect Enterprise Orchestrator

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below Aruba EdgeConnect...

8.7 CVSS · 5.3 AI score · 0.00507 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/10/14 12:00 a.m. · 7 views

PT-2021-22017 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.1.2 Description: A malicious user with permission to create documents in a database can attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, any JavaScript code...

7.3 CVSS · 5 AI score · 0.02474 EPSS
Exploits 1 · References 17
Japan Vulnerability Notes
added 2021/03/25 8:32 a.m. · 3 views

MagazinegerZ vulnerable to cross-site scripting

Overview: MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability (CWE-79) which allows unintentional script execution on the web browser of the...

6.1 CVSS · 6.3 AI score · 0.00756 EPSS
Exploits 0 · References 4
OSV
added 2019/11/06 3:15 p.m. · 3 views

CVE-2019-13080

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...

5.4 CVSS · 6.3 AI score · 0.00781 EPSS
Exploits 0 · References 2
OSV
added 2019/01/09 11:29 p.m. · 2 views

CVE-2018-0666

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...

6.8 CVSS · 5.9 AI score · 0.00652 EPSS
Exploits 0 · References 4
0day.today
added 2015/04/02 12:00 a.m. · 65 views

Palo Alto Traps Server 3.1.2.1546 - Persistent XSS Vulnerability

Exploit for windows platform in category web applications !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version:...

4.3 CVSS · 6.6 AI score · 0.04036 EPSS
Exploits 5