Lucene search
K

9 matches found

OSV
OSV
added 2026/04/01 12:13 a.m.2 views

GHSA-37FQ-47QJ-6J5J YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

7.1CVSS6AI score0.00213EPSS
Exploits1References4
OSV
OSV
added 2026/03/19 11:2 p.m.3 views

CVE-2026-29106 SuiteCRM has blind XSS in return_id parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the value of the returnid request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotati...

5.9CVSS5.9AI score0.00149EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.11 views

CVE-2022-38801

In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...

5.4CVSS6.8AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.8 views

CVE-2024-34070

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

9.6CVSS5.7AI score0.00963EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-14881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. CVE-2019-14881 Note th...

6.1CVSS6AI score0.01113EPSS
Exploits0References2
OSV
OSV
added 2022/11/30 2:15 p.m.3 views

CVE-2022-38801

In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...

5.4CVSS5.3AI score0.00337EPSS
Exploits0References2
Prion
Prion
added 2022/11/30 2:15 p.m.14 views

Cross site scripting

In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...

4.9CVSS5.3AI score0.00337EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/30 12:0 a.m.9 views

CVE-2022-38801

In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...

5.2AI score0.00337EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/11/27 12:0 a.m.8 views

Crafter CMS Cross-Site Scripting Vulnerability

Crafter CMS is an open source content management system CMS for digital experience applications. A cross-site scripting vulnerability exists in Crafter CMS Crafter Studio version 3.0.1, which allows an attacker to exploit the vulnerability to be able to inject malicious JavaScript code, leading t...

6.1CVSS6.2AI score0.00744EPSS
Exploits0References3
Rows per page
Query Builder