Lucene search
+L

166 matches found

Vulnrichment
Vulnrichment
added 2026/02/03 6:7 p.m.3 views

CVE-2026-25488 Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories Name & Descripti...

6.1CVSS5.4AI score0.00261EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/03 6:6 p.m.29 views

CVE-2026-25485 Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...

6.2CVSS0.00261EPSS
Exploits1References4
OSV
OSV
added 2026/02/02 10:49 p.m.4 views

GHSA-G92V-WPV7-6W22 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is not properly sanitized before being displayed in the admin panel. --- Proof o...

6.1CVSS5.7AI score0.00253EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/15 11:25 p.m.1 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS5.1AI score0.00309EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.10 views

PT-2026-1307

Name of the Vulnerable Software and Affected Versions UCRM Argentina AFIP invoices Plugin versions 1.2.0 and earlier Description A Cross-Site Scripting XSS issue exists in the UCRM Argentina AFIP invoices Plugin. Successful exploitation could lead to privilege escalation if an Administrator...

9.6CVSS6AI score0.00215EPSS
Exploits0References5
NVD
NVD
added 2025/12/08 7:15 p.m.5 views

CVE-2025-65271

Client-side template injection CSTI in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...

8.8CVSS0.00365EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/08 6:12 p.m.27 views

CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.7 views

PT-2025-47563

Name of the Vulnerable Software and Affected Versions RomM versions prior to 4.4.1 RomM version 4.4.1-beta.2 Description RomM allows users to scan, enrich, browse, and play their game collections. The software contains multiple unrestricted file upload flaws that permit authenticated users to...

7.6CVSS6.2AI score0.00278EPSS
Exploits2References5
EUVD
EUVD
added 2025/11/19 6:44 p.m.8 views

EUVD-2025-198220

Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an...

8.1CVSS5.7AI score0.00314EPSS
Exploits0References2
OSV
OSV
added 2025/10/31 2:11 p.m.5 views

OESA-2025-2550 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS...

7.3CVSS6.5AI score0.00779EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27764

Malicious code in bioql PyPI...

9.4CVSS6.2AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28607

Malicious code in bioql PyPI...

9.3CVSS6.5AI score0.00246EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34955

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.005EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-31093

Malicious code in bioql PyPI...

8.8CVSS7.6AI score0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6924

Malicious code in bioql PyPI...

9CVSS9.2AI score0.00553EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/10/03 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2025-e41ba62ff1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS6.5AI score0.00523EPSS
Exploits0References3
OSV
OSV
added 2025/09/04 3:30 p.m.5 views

GHSA-CGRG-86M5-XM4W Memos Vulnerable to Stored Cross-Site Scripting

Memos 0.22 is vulnerable to Stored Cross site scripting XSS vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...

5.4CVSS5.6AI score0.00236EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/27 10:19 a.m.8 views

CVE-2025-30036 Stored XSS permitting session takeover of arbitrary user

Stored XSS vulnerability exists in the "Oddział" Ward module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights...

8.8CVSS0.00146EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-3550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a...

9CVSS7.2AI score0.01151EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/08/04 12:0 a.m.122 views

📄 WordPress Ultimate Member 2.6.6 Privilege Escalation

WordPress Ultimate Member plugin version 2.6.6 proof of concept privilege escalation exploit. !/usr/bin/env python3 Exploit Title: Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation Exploit Author: Gurjot Singh CVE: CVE-2023-3460 Description : The attached PoC demonstrates how an...

9.8CVSS7.7AI score0.72306EPSS
Exploits12
Rows per page
Query Builder