Lucene search
K

78 matches found

EUVD
EUVD
added 2026/05/28 8:45 p.m.12 views

EUVD-2026-33055

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS5.9AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:25 a.m.41 views

CVE-2026-48999 Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.11 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 6:0 p.m.11 views

Cross-site Scripting (XSS)

Overview @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting XSS via the href attribute in anchor tags rendered from user-controlled content. An attacker can execute arbitrary JavaScript in the context...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2
CNVD
CNVD
added 2026/03/31 12:0 a.m.7 views

HCL Aftermarket DPC Cross-Site Scripting Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

4.3CVSS5.8AI score0.00231EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.141 views

📄 WP Flash Player 1.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...

5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47299

Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description A stored Cross-site Scripting XSS issue exists in WinPlus version 24.11.27 due to insufficient validation of user-supplied data. This allows a remote attacker to send a malicious query to an authenticated...

5.1CVSS5.9AI score0.00289EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/10 12:0 a.m.5 views

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

4.8AI score0.00266EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-4679

Malware in sbrugna...

6.4CVSS6.4AI score0.01154EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-38794

Malicious code in bioql PyPI...

6.3CVSS7AI score0.00538EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4251

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01944EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/10/02 10:45 a.m.3 views

CVE-2025-40991 Stored XSS in Creativeitem Ekushey CRM

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectfile/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a...

5.1CVSS5.7AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2025/10/02 10:40 a.m.10 views

CVE-2025-40989

CVE-2025-40989 describes a stored cross-site scripting vulnerability in Ekushey CRM v5.0 (Creativeitem) caused by insufficient validation of user input in the POST endpoint dealing with the applicant’s message, specifically the API path that includes the message parameter. The affected component ...

5.4CVSS5.7AI score0.00193EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.6 views

PT-2025-33702 · Unknown · Sante Pacs Server

Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: Sante PACS Server is susceptible to stored cross-site scripting. An attacker can inject malicious HTML code, potentially redirecting a user to a malicious webpage and stealing the...

6.1CVSS6.2AI score0.00181EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 a.m.9 views

CVE-2019-14550

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus...

5.4CVSS5.8AI score0.0108EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 1:29 p.m.17 views

CVE-2024-10723

A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this...

5.4CVSS5.7AI score0.00315EPSS
Exploits1References1
OSV
OSV
added 2024/11/06 12:0 a.m.6 views

CVE-2024-50637

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...

5.4CVSS5.3AI score0.0037EPSS
Exploits1References5
OSV
OSV
added 2024/07/10 4:15 p.m.4 views

CVE-2023-33860

IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...

5.3CVSS5.6AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/13 6:34 p.m.2 views

Cross-site Scripting (XSS)

Overview sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting XSS via specially crafted GET request parameters handled by any of the following endpoints of the "admin" web UI: /changelogs,...

8.2CVSS5.2AI score0.00525EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/26 12:0 a.m.5 views

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/itempopup.php page. An attacker could us...

8.2CVSS7AI score0.00398EPSS
Exploits0References2
Rows per page
Query Builder