Lucene search
+L

111 matches found

cve
cve
added 3 days ago10 views

CVE-2026-61501

Rejetto HFS versions 3.0.0–3.2.0 expose a stored XSS in the admin log viewer: log entries rendered as HTML without sanitization allow a remote unauthenticated attacker to craft a username, write JavaScript to the error log, and execute code in an administrator’s browser when logs are viewed, pote...

6.1CVSS6.3AI score0.00308EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/06 6:43 a.m.16 views

CVE-2026-50592

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

6.4CVSS5.4AI score0.00148EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:38 p.m.12 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

6.1CVSS5.5AI score0.00205EPSS
Exploits0References1
cve
cve
added 2026/05/14 1:52 p.m.25 views

CVE-2026-21730

CVE-2026-21730 affects Verba. A stored XSS exists in the login logging path: when an unauthenticated attacker logs in with an incorrect username, the username is recorded without sanitization and can execute in the admin’s browser via the log viewer. Impact aligned to CVSS v4.0 metrics (base scor...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/05/14 1:52 p.m.7 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/14 1:52 p.m.7 views

CVE-2026-21730 Stored XSS in Verba

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References1
euvd
euvd
added 2026/05/14 1:52 p.m.29 views

EUVD-2026-30284

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References1
osv
osv
added 2026/04/01 9:21 p.m.3 views

CVE-2026-34560 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

9.1CVSS5.9AI score0.0038EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/03/26 3:4 p.m.5 views

CVE-2026-3368

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

7.2CVSS6AI score0.00321EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/26 3:37 a.m.2 views

CVE-2026-4329

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00315EPSS
Exploits0References13
euvd
euvd
added 2026/03/21 12:31 a.m.6 views

EUVD-2026-13918

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

7.2CVSS6AI score0.00321EPSS
Exploits0References19
nvd
nvd
added 2026/03/21 12:16 a.m.4 views

CVE-2026-3368

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

7.2CVSS0.00321EPSS
Exploits0References18
attackerkb
attackerkb
added 2026/03/20 11:25 p.m.5 views

CVE-2026-3368

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

7.2CVSS6AI score0.00321EPSS
Exploits0References19
cvelist
cvelist
added 2026/03/20 11:25 p.m.37 views

CVE-2026-3368 Injection Guard <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

7.2CVSS0.00321EPSS
Exploits0References18
cve
cve
added 2026/03/20 11:25 p.m.13 views

CVE-2026-3368

The CVE covers the WordPress Injection Guard plugin (

7.2CVSS6AI score0.00321EPSS
Exploits0References18
ptsecurity
ptsecurity
added 2026/03/20 12:0 a.m.11 views

PT-2026-26718

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitize ig data function which only sanitizes array values but not array keys...

7.2CVSS6AI score0.00321EPSS
Exploits0References19
redhatcve
redhatcve
added 2026/02/21 7:29 p.m.9 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References1
osv
osv
added 2026/02/20 5:25 p.m.5 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

5.1CVSS5.7AI score0.00155EPSS
Exploits0References2
nvd
nvd
added 2026/02/20 5:25 p.m.7 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS0.00155EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/20 4:48 p.m.4 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References3
Rows per page
Query Builder