Lucene search
K

1498 matches found

EUVD
EUVD
added 2026/04/01 6:36 p.m.4 views

EUVD-2026-17939

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...

4.8CVSS6.2AI score0.0017EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 1:51 p.m.2 views

CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar

Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...

8.5CVSS5.9AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33653

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

4.6CVSS5.9AI score0.00241EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/27 6:8 p.m.6 views

Cross-site Scripting (XSS)

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Credential Management Flow when a crafted OAuth2 credential contains a JavaScript URL in the Authorization URL field. An attacker can execute arbitrary scripts in th...

5.4CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2026/03/27 1:41 p.m.12 views

CVE-2026-32859

ByteDance Deer-Flow is affected by a stored XSS in the artifacts API for versions prior to commit 5dbb362. An attacker can upload malicious HTML/script content as artifacts, causing the browser to execute scripts when users view artifacts, potentially leading to session compromise and credential ...

5.4CVSS5.9AI score0.00196EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/24 10:30 p.m.7 views

Cross-site Scripting (XSS)

Overview @orpc/openapi is a Affected versions of this package are vulnerable to Cross-site Scripting XSS in the generation of OpenAPI documentation. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious payloads into controllable fields within th...

8.3CVSS5.9AI score0.00288EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:0 p.m.4 views

CVE-2026-33140

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing...

5.3CVSS5.9AI score0.00217EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/20 6:48 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the SanitizeSVG function in kernel/util/misc.go. An attacker can execute JavaScript in a user’s browser by supplying a crafted data: URI in an SVG payload. Details Cross-site scripting or XSS is a code...

9.3CVSS5.6AI score0.00302EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2015-9419

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

6.4CVSS5.7AI score0.00207EPSS
Exploits1References4
OSV
OSV
added 2026/03/11 1:16 a.m.4 views

CVE-2026-27260

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.7AI score0.0003EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 12:23 a.m.14 views

CVE-2026-27252

CVE-2026-27252 : Adobe Experience Manager (AEM) versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low-privilege attacker could inject malicious JavaScript, which would be executed in a victim’s browser when they access the a...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24734

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

6.3CVSS5.9AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

Wolters Kluwer A3factura 跨站脚本漏洞

Wolters Kluwer A3factura is a billing management software developed by the German company Wolters Kluwer. Wolters Kluwer A3factura has a cross-site scripting vulnerability. This vulnerability stems from a reflective cross-site scripting vulnerability in the parameter customerName of the...

6.1CVSS6AI score0.00164EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/02/20 12:24 a.m.5 views

SUSE CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

5.4CVSS6.4AI score0.00224EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.4 views

PT-2026-20229

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration Server version 12.0 Description The software is susceptible to HTML injection. A remote attacker could inject malicious HTML code that would be executed in the victim's web browser within the security context of the...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.5 views

CVE-2026-24323

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 4:16 a.m.7 views

CVE-2026-24323

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/10 3:4 a.m.31 views

CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/02/10 3:4 a.m.10 views

CVE-2026-24323

CVE-2026-24323 affects BSP applications of SAP Document Management System. An unauthenticated user can inject malicious script via user-controlled URL parameters that are not sufficiently sanitized, causing script execution in the victim’s browser. Impact is described as low for confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.6 views

PT-2026-7222

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References3
Rows per page
Query Builder