
43675 matches found

CNNVD
added 2026/01/26 12:0 a.m. | 5 views

Grav CMS cross-site scripting vulnerability

Grav CMS is an open-source file-based content management system developed by Grav. Grav CMS 1.9.18 contains a cross-site scripting vulnerability; this vulnerability stems from a persistent cross-site scripting in the page title field, which may allow for the execution of malicious scripts...

6.4 CVSS | 5.8 AI score | 0.00567 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/26 12:0 a.m. | 3 views

Alibaba Cloud Linux 3 : 0015: openssl (ALINUX3-SA-2026:0015)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0015 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9230: Issue summary: An application trying...

7.5 CVSS | 7 AI score | 0.01744 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/25 1:4 p.m. | 2 views

CVE-2020-36932

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

6.1 CVSS | 5.8 AI score | 0.00244 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/24 9:15 p.m. | 6 views

CVE-2025-71177

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

5.4 CVSS | 5 AI score | 0.00198 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2026/01/23 6:31 p.m. | 13 views

LavaLite CMS affected by a stored cross-site scripting vulnerability

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

5.4 CVSS | 5 AI score | 0.00198 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/01/23 4:47 p.m. | 4 views

CVE-2021-47906

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...

6.4 CVSS | 5.9 AI score | 0.00197 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/01/23 4:40 p.m. | 2 views

CVE-2025-71177

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

5.4 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits: 1 | References: 4
CVE
added 2026/01/23 4:40 p.m. | 13 views

CVE-2025-71177

LavaLite CMS ≤ 10.1.0 is reported to have a stored XSS vulnerability in package creation and package search. Authenticated users can inject HTML/JavaScript into the Package Name or Description fields, which is stored and later rendered without proper output encoding in search results, enabling po...

5.4 CVSS | 5 AI score | 0.00198 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/01/23 4:40 p.m. | 3 views

CVE-2025-71177 LavaLite CMS <= 10.1.0 Stored XSS via Package Creation and Search

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

5.1 CVSS | 5 AI score | 0.00198 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/01/23 4:40 p.m. | 28 views

CVE-2025-71177 LavaLite CMS <= 10.1.0 Stored XSS via Package Creation and Search

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

5.1 CVSS | 0.00198 EPSS
Exploits: 1 | References: 3
OSSF Malicious Packages
added 2026/01/23 1:13 a.m. | 7 views

Malicious code in public-site-cms-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ab3fee105c88cb2417b79efd376d25e9f23afaaef354d5f154635820c702079 The package public-site-cms-ui was found to contain malicious code...

5.4 AI score
Exploits: 0
OSV
added 2026/01/23 1:13 a.m. | 3 views

MAL-2026-483 Malicious code in public-site-cms-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ab3fee105c88cb2417b79efd376d25e9f23afaaef354d5f154635820c702079 The package public-site-cms-ui was found to contain malicious code...

5.4 AI score
Exploits: 0
Positive Technologies
added 2026/01/23 12:0 a.m. | 6 views

PT-2026-4535

Name of the Vulnerable Software and Affected Versions: Typemill versions 2.19.1 and below. Description: Typemill is a flat-file, Markdown-based CMS for informational documentation websites. A reflected Cross-Site Scripting (XSS) issue exists in the login error view template login.twig. The username...

6.1 CVSS | 5.5 AI score | 0.00254 EPSS
Exploits: 1 | References: 9
Github Security Blog
added 2026/01/22 9:41 p.m. | 11 views

Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

Summary: An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to store...

5.4 CVSS | 5.9 AI score | 0.00253 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2026/01/22 5:34 p.m. | 7 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

8.5 CVSS | 6 AI score | 0.00226 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/22 5:34 p.m. | 5 views

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6 CVSS | 6.7 AI score | 0.0109 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/22 12:0 a.m. | 8 views

PT-2026-7943

Name of the Vulnerable Software and Affected Versions: Solspace Freeform plugin for Craft CMS versions 5.0 through 5.14.6. Description: A low-privilege authenticated user with form creation/editing permissions can inject arbitrary HTML and JavaScript code into the Craft Control Panel builder and...

5.1 CVSS | 5.5 AI score | 0.00253 EPSS
Exploits: 1 | References: 10
GithubExploit
added 2026/01/21 10:17 p.m. | 166 views

Exploit for Cross-site Scripting in Exponentcms Exponent_Cms

Synthetic Test Case: CVE-2017-8085 CWE: CWE-79 Origin...

6.1 CVSS | 5.6 AI score | 0.01147 EPSS
Exploits: 1
OSV
added 2026/01/21 6:16 p.m. | 5 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

5.4 CVSS | 5.9 AI score | 0.00229 EPSS
Exploits: 1 | References: 5
NVD
added 2026/01/21 6:16 p.m. | 7 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

5.4 CVSS | 0.00229 EPSS
Exploits: 1 | References: 5