
11 matches found

Vulnrichment
added 2026/05/17 10:15 p.m. | 13 views

CVE-2026-8766 Kilo-Org kilocode Environment Variable config.ts load information disclosure

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...

CVSS 5.3 | AI score 5.4 | EPSS 0.00316
Exploits: 1 | References: 4
Snyk
added 2026/05/07 9:18 p.m. | 12 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

CVSS 4.8 | AI score 6
Exploits: 0 | References: 3
Cvelist
added 2026/04/30 12:0 a.m. | 34 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

EPSS 0.00187
Exploits: 0 | References: 3
Drupal
added 2026/04/22 12:0 a.m. | 19 views

Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

This module enables you to obfuscate email addresses in content. The module doesn't sufficiently sanitize user input via the Twig filter. This vulnerability is mitigated by the fact that it only affects sites using the ROT13 encoding and where an attacker can enter content that is filtered using...

CVSS 6.1 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 2
NVD
added 2026/02/05 5:16 p.m. | 4 views

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

CVSS 6.1 | EPSS 0.00246
Exploits: 0 | References: 3
EUVD
added 2026/02/05 4:13 p.m. | 6 views

EUVD-2020-31043

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

CVSS 5.1 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 3
CNVD
added 2025/10/15 12:0 a.m. | 3 views

ERPNext Cross-Site Scripting Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...

CVSS 5.4 | AI score 6.1 | EPSS 0.00382
Exploits: 2 | References: 1
Veracode
added 2025/09/18 4:23 p.m. | 8 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.journal.service is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of user input in the web content text field, which allows a remote unauthenticated attacker to inject malicious JavaScript and execute it in the context of a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/01/22 12:0 a.m. | 4 views

PT-2025-3883 · WordPress · Ai Power: Complete Ai Pack

Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack plugin for WordPress versions up to, and including, 1.8.96 Description: The issue allows authenticated attackers with administrative privileges to inject a PHP Object via deserialization of untrusted input from the...

CVSS 7.2 | AI score 7.1 | EPSS 0.00642
Exploits: 0 | References: 11
OSV
added 2023/09/09 9:15 p.m. | 3 views

CVE-2023-4864

A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert'xss' leads to cross site scripting. It is possible to initiate the attack...

CVSS 6.1 | AI score 4 | EPSS 0.00542
Exploits: 1 | References: 3
CNVD
added 2018/11/13 12:0 a.m. | 4 views

XiaoCms Cross-Site Scripting Vulnerability

XiaoCms is a lightweight content management system CMS based on PHP and MySQL and capable of running on Linux, Windows and other platforms. A cross-site scripting vulnerability exists in XiaoCms version 20141229, which can be exploited by remote attackers to inject arbitrary web script or HTML vi...

CVSS 6.1 | AI score 5.9 | EPSS 0.00675
Exploits: 1 | References: 1