9 matches found

RedhatCVE
added 2025/06/14 7:21 p.m. | 4 views

CVE-2025-49579

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...

CVSS 6.5 | AI score 6.2 | EPSS 0.00202
Exploits: 1 | References: 1

NVD
added 2025/06/12 7:15 p.m. | 7 views

CVE-2025-49577

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1...

CVSS 6.5 | EPSS 0.00156
Exploits: 1 | References: 3

CVE
added 2025/06/12 6:50 p.m. | 41 views

CVE-2025-49578

Citizen is a MediaWiki skin. CVE-2025-49578 describes an XSS where date messages produced by Language::userDate are inserted into raw HTML, enabling stored XSS on wikis where a user has the editinterface right but not the editsitejs right. The issue affects Citizen versions prior to 3.3.1 and is ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00156
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2025/06/12 6:45 p.m. | 40 views

CVE-2025-49575

The CVE-2025-49575 issue affects the Citizen skin for MediaWiki. The underlying problem is that multiple system messages are inserted into the CommandPaletteFooter as raw HTML, enabling stored HTML injection by users who can edit those messages. This could allow arbitrary HTML execution in the af...

CVSS 6.5 | AI score 6.9 | EPSS 0.00156
Exploits: 1 | References: 3 | Affected Software: 1

securityvulns
added 2003/11/28 12:0 a.m. | 99 views

RNN's Guestbook 1.2 Multiple Vulnerabilities

RNN's Guestbook 1.2 Multiple Vulnerabilities Discovered by Chris Rahm aka: BrainRawt brainrawt at haxworx.com Vulnerabilities: Remote Command Execution Administrative Access Information Disclosure Reading of Files Arbitrary HTML Insertion/Script Injection Plain Text Administrative Password Remote:...

AI score 0.4
Exploits: 0

NVD
added 2003/08/07 4:0 a.m. | 11 views

CVE-2003-0504

Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module...

CVSS 4.3 | AI score 5.7 | EPSS 0.00391
Exploits: 0 | References: 5

Cvelist
added 2003/06/06 4:0 a.m. | 14 views

CVE-2003-0375

Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter...

AI score 5.8 | EPSS 0.00565
Exploits: 0 | References: 4

Cvelist
added 2003/03/18 5:0 a.m. | 16 views

CVE-2002-1464

Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable...

AI score 5.8 | EPSS 0.01209
Exploits: 1 | References: 4

NVD
added 2002/08/12 4:0 a.m. | 8 views

CVE-2002-0739

Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page...

CVSS 7.5 | AI score 6.3 | EPSS 0.00861
Exploits: 1 | References: 3