Lucene search
K

7613 matches found

NVD
NVD
added 2025/05/05 6:15 p.m.10 views

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.4CVSS0.00261EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/05/05 9:31 a.m.5 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

7.4CVSS6AI score0.10598EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/05 12:0 a.m.12 views

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

0.00261EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/05 12:0 a.m.6 views

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.3AI score0.00261EPSS
Exploits1References3
CVE
CVE
added 2025/05/05 12:0 a.m.63 views

CVE-2025-45236

Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...

5.4CVSS5.5AI score0.00261EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/26 4:46 a.m.34 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS5.5AI score0.00272EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/22 12:0 a.m.5 views

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

5.9AI score0.00278EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.4 views

PT-2025-17585 · Unknown · Volmarg Personal Management System

Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.65 Description: A stored cross-site scripting XSS issue exists in the New Goal Creation section, allowing authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted...

5.4CVSS5.4AI score0.00185EPSS
Exploits0References7
NVD
NVD
added 2025/04/21 3:16 p.m.16 views

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

9.8CVSS0.01222EPSS
Exploits2References2
OSV
OSV
added 2025/04/21 2:15 p.m.16 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS5.4AI score0.00272EPSS
Exploits1References3
Veracode
Veracode
added 2025/04/21 3:56 a.m.9 views

Cross-Site Scripting

yiisoft/yii is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to in specific scenarios where the fallback error renderer is used, allowing an attacker to execute arbitrary scripts in the context of the user’s browser...

6.1CVSS6.6AI score0.00215EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/21 12:0 a.m.5 views

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

7.4AI score0.01222EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/04/21 12:0 a.m.9 views

CVE-2025-28102

A cross-site scripting XSS vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...

0.00205EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/04/21 12:0 a.m.3 views

FlaskBlog 安全漏洞

FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from the presence of cross-site scripting in the postContent parameter, which could lead to the execution of arbitrary we...

6.1CVSS5.9AI score0.00205EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/21 12:0 a.m.11 views

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

0.01222EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.3 views

PT-2025-17441 · Yi · Yi Iot Xy-3820

Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: A vulnerability exists in the daemon process of the Yi IOT XY-3820, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary...

9.8CVSS6.9AI score0.01222EPSS
Exploits2References12
Cvelist
Cvelist
added 2025/04/21 12:0 a.m.40 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

0.00272EPSS
Exploits1References2
CVE
CVE
added 2025/04/21 12:0 a.m.51 views

CVE-2025-28102

FlaskBlog v2.6.1 is affected by a cross-site scripting (XSS) vulnerability exposed via the postContent parameter at /createpost. The issue stems from allowing arbitrary script/HTML injection, enabling attackers to run client-side code. Available connected reports confirm the affected software ver...

6.1CVSS5.6AI score0.00205EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/18 6:31 p.m.25 views

Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

5.4CVSS5.7AI score0.00209EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2025/04/18 12:0 a.m.82 views

CVE-2024-41447

CVE-2024-41447 — Alkacon OpenCMS 17.0 stored XSS . A stored cross-site scripting flaw exists in the author parameter used in the Create/Modify article workflow, allowing an attacker to inject arbitrary web scripts/HTML. The vulnerability affects OpenCMS v17.0 and can be triggered by crafted paylo...

5.4CVSS5.7AI score0.00209EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder