Lucene search
K

36 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

DRUPAL-CONTRIB-2026-075

This module enables you to use Single Directory Components in site building views, field formatters, blocks, layouts and it improves the Developer Experience DX with SDC. The module doesn't sufficiently sanitize the markup passed to components under certain scenarios. This vulnerability is...

5.4CVSS6AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago18 views

PT-2026-56664

Name of the Vulnerable Software and Affected Versions Drupal UI Patterns SDC in Drupal UI versions 2.0.0 through 2.0.17 Description An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting XSS...

6.1AI score0.00254EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 11:16 p.m.9 views

CVE-2026-53641

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 5:35 a.m.16 views

CVE-2026-11600

The CVE-2026-11600 entry concerns Envo’s Templates & Widgets for Elementor and WooCommerce (WordPress). Affected: Tabs and Off Canvas widgets up to version 1.4.26. Root cause: the Tabs widget render() passes a user-controlled template/post ID to Elementor’s get_builder_content_for_display() witho...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49836

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

7.4CVSS5.4AI score0.00283EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

TinyMCE 跨站脚本漏洞

TinyMCE is an open-source rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type XSS vulnerability in the media plugin. Attackers cou...

8.7CVSS5.7AI score0.00264EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 6:0 p.m.12 views

Cross-site Scripting (XSS)

Overview @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting XSS via the href attribute in anchor tags rendered from user-controlled content. An attacker can execute arbitrary JavaScript in the context...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 4:23 p.m.17 views

CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule

Summary The Pages backend module registers the htmlpurify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

6.1AI score0.00062EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/09 3:25 a.m.32 views

CVE-2026-4336 Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS0.00227EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.10 views

PT-2026-21569

Name of the Vulnerable Software and Affected Versions Bludit version 3.16.2 Description The application does not properly sanitize content input on the server side, despite client-side sanitation. An authenticated user can inject JavaScript into the post content field. This injected script execut...

5.4CVSS5.3AI score0.00139EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.6 views

HashiCorp next-mdx-remote 安全漏洞

HashiCorp next-mdx-remote is a content rendering tool developed by the American company HashiCorp. Versions of HashiCorp next-mdx-remote prior to version 6.0.0 contained security vulnerabilities, which were due to insufficient MDX content cleanup and could lead to arbitrary code execution...

8.8CVSS6.3AI score0.00582EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.6 views

PT-2026-1208

Name of the Vulnerable Software and Affected Versions zhanglun lettura versions up to 0.1.22 Description A security issue exists in zhanglun lettura affecting the RSS Handler component and specifically the processing within the src/components/ArticleView/ContentRender.tsx file. This issue results...

3.1CVSS6AI score0.00333EPSS
Exploits0References11
Veracode
Veracode
added 2025/12/13 6:27 a.m.6 views

User Interface (UI) Misrepresentation Of Critical Information

Drupal core is vulnerable to User Interface UI Misrepresentation of Critical Information. The vulnerability is due to improper handling of UI content rendering, which allows an attacker to spoof or misrepresent content and mislead users within the application interface...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.7 views

PT-2025-44216

Name of the Vulnerable Software and Affected Versions Sharp versions prior to 9.11.1 Description Sharp, a content management framework for Laravel, contains a Cross-Site Scripting XSS issue in the SharpShowTextField component. Prior to version 9.11.1, expressions enclosed in & were processed by...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22466

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00222EPSS
Exploits0References2
NVD
NVD
added 2025/07/23 6:15 p.m.6 views

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

8.7CVSS0.00222EPSS
Exploits0References2
OSV
OSV
added 2025/07/23 6:15 p.m.3 views

UBUNTU-CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

8.7CVSS5.8AI score0.00222EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/07/23 5:33 p.m.3 views

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

8.7CVSS5.8AI score0.00222EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/07/23 5:33 p.m.30 views

CVE-2025-4700

GitLab CVE-2025-4700 affects GitLab CE/EE versions 15.10–18.0.4, 18.1.x before 18.1.3, and 18.2.x before 18.2.1. The issue could allow an attacker to trigger unintended content rendering that leads to Cross-site Scripting (XSS) under certain conditions. The provided documents do not specify the v...

8.7CVSS5.9AI score0.00222EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder