Lucene search
K

1119115 matches found

CVE
CVE
added 1 hour ago6 views

CVE-2026-58077

CVE-2026-58077 affects the Joomla extension 4Analytics (weeblr.com) prior to version 5.0.2. It describes an unauthenticated stored XSS vulnerability, where a specially crafted unauthenticated request can lead to website takeover under certain conditions. The provided documents identify the vulner...

8.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added 1 hour ago6 views

CVE-2026-57833

The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...

8.6CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday28 views

CVE-2026-47730

Twig: XSS in Twig\Profiler\Dumper\HtmlDumper allows attacker-controlled template/profile names to inject HTML in profiler output due to unescaped getTemplate()/getName() data. Affects Twig 3.0.0–3.26.0; fixed in 3.26.0 by escaping these values via htmlspecialchars(). No exploit details provided b...

5.1CVSS6.2AI score0.00037EPSS
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-44554

ColdFusion is affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user...

8.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday34 views

CVE-2026-49978

CVE-2026-49978 affects DOMPurify, where IN_PLACE sanitization before version 3.4.7 could skip shadow contents inside a .content, allowing attacker-controlled markup (e.g., event handlers, JavaScript URLs, scripts) to survive during cloning and insertion of sanitized templates. The issue is fixed ...

6.3CVSS6.1AI score0.00038EPSS
Exploits0References3
CVE
CVE
added yesterday53 views

CVE-2026-49459

CVE-2026-49459 affects DOMPurify prior to 3.4.6, where IN_PLACE mode could retain event-handler attributes on an attacker‑controlled root DOM due to _isClobbered logic and incomplete removal paths. Affected component: DOMPurify.sanitize(root, { IN_PLACE: true }) with a clobbered root form. Conseq...

6.1CVSS6.1AI score0.00042EPSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-47999

CVE-2026-47999 describes a stored Cross-Site Scripting (XSS) flaw in Adobe Commerce . A high-privilege attacker can inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading the page containing the affected field. The CVSS metri...

4.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability. The issue allows a low-privilege attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page containing the vulnerabl...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-47994). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page contai...

8.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-48263

CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-48260

Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48260). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser. Exploitation requires user interaction (victim visits a crafted page). CVSS v3.1: AV:N/AC:L/PR:L/UI:R...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored XSS vulnerability (CVE-2026-48355) that allows a low-privileged attacker to inject JavaScript into vulnerable form fields, with victim browsers executing the script when visiting the affected page. The CVSS v3.1 base score is 5.4 (Medium) with netw...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-48261

Adobe Experience Manager is affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to execute JavaScript in the victim’s browser, with user interaction required (victim visits a crafted page). The vulnerability is scope-changed; CVSS 3.1 base score 5.4 (MEDIUM) with NETWO...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48253

CVE-2026-48253 affects Adobe Experience Manager and describes a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could cause malicious JavaScript to execute in the victim’s browser by manipulating the DOM; exploitation requires user interaction (the victim visits a crafted page). T...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-48255

CVE-2026-48255 affects Adobe Experience Manager with a DOM-based Cross-Site Scripting (XSS) vulnerability. The issue arises from manipulating the DOM to execute malicious JavaScript in the victim’s browser, requiring user interaction (victim visits a crafted webpage). CVSS 3.1 metrics indicate Ne...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48257

CVE-2026-48257 : Adobe Experience Manager is affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to run malicious JavaScript in the victim’s browser, with exploitation requiring the user to visit a crafted webpage. The CVSS v3.1 base score is 5.4 (Medium) with network ...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-48254

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-48254.

5.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57101

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-55126

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

7.3CVSS
Exploits0References1
Rows per page
Query Builder