Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Snyk
Snykadded 2026/05/11 7:34 p.m.3 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the font family preference update process. An attacker can execute arbitrary HTML or JavaScript in the context of another user's session by injecting malicious...

7.9CVSS5.8AI score0.00056EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/29 12:0 a.m.1 views

PT-2026-35951

Name of the Vulnerable Software and Affected Versions Helpy version 2.8.0 Description A stored cross-site scripting issue exists in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of...

5.4CVSS5.8AI score0.00031EPSS
Exploits1References6
OSV
OSVadded 2026/02/03 7:16 p.m.1 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

6.1CVSS5.9AI score0.00039EPSS
Exploits0References2
NVD
NVDadded 2023/10/05 2:15 p.m.9 views

CVE-2023-44390

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...

6.1CVSS6AI score0.00161EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2021/05/18 2:50 p.m.4 views

python-lxml: mXSS due to the use of improper parser

A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat...

6.1CVSS7.4AI score0.01246EPSS
Exploits1References4
NVD
NVDadded 2018/02/16 6:29 p.m.17 views

CVE-2017-18090

Various resources in Atlassian Fisheye before version 4.5.1 the fixed version for 4.5.x and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a commit author...

6.1CVSS6AI score0.00225EPSS
Exploits0References2
Packet Storm
Packet Stormadded 2006/04/01 12:0 a.m.27 views

EV0104.txt

New eVuln Advisory: Skull-Splitter's PHP Guestbook XSS Vulnerability http://evuln.com/vulns/104/summary.html --------------------Summary---------------- eVuln ID: EV0104 CVE: CVE-2006-1256 Software: Skull-Splitter's PHP Guestbook Sowtware's Web Site: http://www.boysen.be/ Versions: 2.6 2.7 Critic...

2.6CVSS6.7AI score0.0103EPSS
Exploits1
Rows per page
Query Builder