Lucene search
K

1180649 matches found

CVE
CVE
added 51 minutes ago4 views

CVE-2026-47345

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

5.1CVSS
Exploits0References2
NVD
NVD
added 51 minutes ago4 views

CVE-2026-47345

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

5.1CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-47345 TYPO3 HTML Sanitizer allows Cross-Site Scripting

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

5.1CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-35132

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

5.1CVSS4AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-35087

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.2AI score
Exploits0References2
NVD
NVD
added 3 hours ago2 views

CVE-2026-11534

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

5.1CVSS
Exploits0References6
CVE
CVE
added 3 hours ago4 views

CVE-2026-11534

Technical details about this CVE are not publicly available in the provided documents. Monitor for updates.

5.1CVSS4AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 hours ago3 views

CVE-2026-11534

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

5.1CVSS4AI score
Exploits0References6
CVE
CVE
added 4 hours ago7 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.2AI score
Exploits0References1
NVD
NVD
added 4 hours ago3 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS
Exploits0References1
NVD
NVD
added 5 hours ago3 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS
Exploits0References2
NVD
NVD
added 5 hours ago4 views

CVE-2026-11518

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...

5.3CVSS
Exploits0References6
NVD
NVD
added 5 hours ago4 views

CVE-2026-11520

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and...

5.1CVSS
Exploits0References5
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 6 hours ago2 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS4AI score0.00033EPSS
Exploits0References1
GithubExploit
GithubExploit
added 6 hours ago13 views

xss-defense-system

No d...

5.4AI score
Exploits0
CVE
CVE
added 7 hours ago10 views

CVE-2026-25558

CVE-2026-25558 affects QloApps up to version 1.7.0. The issue is a stored cross-site scripting flaw in the admin file manager, permitting an authenticated administrator to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed event handlers (e.g., onload) in SVGs uploade...

4.8CVSS5.5AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 7 hours ago3 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score
Exploits0References3
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-25558 QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS
Exploits0References2
Rows per page
Query Builder