415 matches found

Positive Technologies
added 2025/09/08 12:0 a.m. (2 views)

PT-2025-37748

Name of the Vulnerable Software and Affected Versions: error-ex versions prior to 1.3.4 Description: The error-ex npm package was compromised through a phishing attack resulting in the publication of version 1.3.3 containing a malware payload. This malware targets cryptocurrency transactions and...

CVSS 8.8, AI score 6.5, EPSS 0.00378
Exploits: 0, References: 16

Positive Technologies
added 2025/09/08 12:0 a.m. (4 views)

PT-2025-37760

Name of the Vulnerable Software and Affected Versions: color-name versions prior to 2.0.2 Description: An npm publishing account for color-name was taken over following a phishing attack. Version 2.0.1 was published with a malware payload designed to redirect cryptocurrency transactions to the...

CVSS 8.8, AI score 5.8, EPSS 0.00473
Exploits: 0, References: 33

Positive Technologies
added 2025/09/08 12:0 a.m. (3 views)

PT-2025-37742

Name of the Vulnerable Software and Affected Versions: backslash versions prior to 0.2.2 Description: The backslash npm package was compromised through a phishing attack on the publishing account. Version 0.2.1 was published with a malicious payload designed to redirect cryptocurrency transaction...

CVSS 8.8, AI score 6.3, EPSS 0.00378
Exploits: 0, References: 15

RedhatCVE
added 2025/08/30 6:20 p.m. (5 views)

CVE-2025-34521

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

CVSS 5.4, AI score 6, EPSS 0.00197
Exploits: 0, References: 1

NVD
added 2025/08/27 10:15 p.m. (6 views)

CVE-2025-34521

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

CVSS 5.4, EPSS 0.00197
Exploits: 0, References: 1

Vulnrichment
added 2025/08/27 9:19 p.m. (4 views)

CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS)

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

CVSS 4.8, AI score 5.5, EPSS 0.00197
Exploits: 0, References: 1

CVE
added 2025/08/27 4:48 p.m. (23 views)

CVE-2025-34157

CVE-2025-34157 concerns Coolify. A stored XSS in the project-creation workflow affects versions prior to 4.0.0-beta.420.6. An authenticated user with low privileges can craft a project name containing JavaScript, which when an administrator deletes the project executes in the admin context, enabl...

CVSS 9.4, AI score 5.3, EPSS 0.00448
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/08/22 12:0 a.m. (3 views)

CVE-2025-50733

NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

AI score 5.8, EPSS 0.00188
Exploits: 0, References: 2

CVE
added 2025/08/20 5:8 p.m. (20 views)

CVE-2025-47054

CVE-2025-47054 affects Adobe Experience Manager (AEM) 6.5.22 and earlier, due to a DOM-based XSS flaw caused by improper validation of user-supplied input. An attacker with low privileges can exploit it by prompting a victim to visit a crafted page, executing JavaScript in the victim’s browser (u...

CVSS 5.4, AI score 5.4, EPSS 0.0033
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/06/10 12:10 a.m. (2 views)

CVE-2025-31325 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)

Due to a Cross-Site Scripting vulnerability in SAP NetWeaver ABAP Keyword Documentation, an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the...

CVSS 5.8, AI score 5.5, EPSS 0.00268
Exploits: 0, References: 2

Veracode
added 2025/05/27 4:51 a.m. (10 views)

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting (XSS). The vulnerability is due to uploaded SVG files containing scripts that, when rendered inline, allow an attacker to execute malicious scripts in the context of the user’s browser...

CVSS 6.1, AI score 6.1, EPSS 0.00244
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2025/05/23 6:1 a.m. (6 views)

CVE-2023-28629

GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...

CVSS 5.4, AI score 6.1, EPSS 0.00498
Exploits: 0, References: 1

OSV
added 2025/05/16 1:15 a.m. (4 views)

CVE-2024-51475

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 1

RedhatCVE
added 2025/05/02 12:12 p.m. (9 views)

CVE-2025-24344

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...

CVSS 6.3, AI score 7.4, EPSS 0.00281
Exploits: 0, References: 1

RedhatCVE
added 2025/04/11 12:12 a.m. (12 views)

CVE-2025-30292

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVSS 6.1, AI score 5.8, EPSS 0.12031
Exploits: 0, References: 3

RedhatCVE
added 2025/03/29 5:29 p.m. (19 views)

CVE-2025-30366

WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently...

CVSS 6.2, AI score 5.6, EPSS 0.00252
Exploits: 1, References: 1

OSV
added 2025/03/27 4:29 p.m. (11 views)

CVE-2025-30366 WeGIA vulnerable to Stored XSS in personalizacao.php

WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently...

CVSS 6.2, AI score 5.7, EPSS 0.00252
Exploits: 1, References: 3

OSV
added 2025/03/20 10:15 a.m. (4 views)

CVE-2024-8556

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...

CVSS 6.1, AI score 6
Exploits: 0, References: 1

Cvelist
added 2025/03/20 10:11 a.m. (41 views)

CVE-2024-8556 Stored XSS in modelscope/agentscope

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...

CVSS 6.1, EPSS 0.00389
Exploits: 1, References: 1

Vulnrichment
added 2025/03/20 10:11 a.m. (7 views)

CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

CVSS 5.4, AI score 5.3, EPSS 0.00378
Exploits: 1, References: 2