Lucene search
K

208 matches found

CVE
CVE
added 2025/02/19 4:6 p.m.47 views

CVE-2025-20211

CVE-2025-20211 describes a cross-site scripting vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform. The flaw arises from improper validation of user-supplied input, enabling an unauthenticated, remote attacker to persuade a user to click a crafte...

6.1CVSS6.2AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 11:29 a.m.9 views

CVE-2025-0511

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS8AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/12 11:37 p.m.10 views

CVE-2024-55488

A stored cross-site scripting XSS vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...

6.5CVSS5.4AI score0.00309EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:58 a.m.5 views

CVE-2024-10108

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS6.1AI score0.00382EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2025/02/04 12:0 a.m.10 views

KLA79484 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, obtain sensitive information, cause denial of service, perform cross-site scripting attack. Below is a...

9.8CVSS10AI score0.01331EPSS
Exploits0References3
Kaspersky
Kaspersky
added 2025/02/04 12:0 a.m.12 views

KLA79485 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service, perform cross-site scripting attack. Below is a...

9.8CVSS10AI score0.01331EPSS
Exploits0References3
NVD
NVD
added 2025/01/18 2:15 p.m.28 views

CVE-2025-0559

A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site...

5.1CVSS0.00345EPSS
Exploits1References5
Apple
Apple
added 2024/11/19 12:0 a.m.22 views

About the security content of visionOS2.1.1

About the security content of visionOS2.1.1 This document describes the security content of visionOS 2.1.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

8.8CVSS7.6AI score0.22728EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/10/04 2:20 p.m.30 views

CVE-2024-47765 Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting XSS attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of...

6.9CVSS0.00367EPSS
Exploits0References2
Apple
Apple
added 2024/07/29 12:0 a.m.3420 views

About the security content of Safari 17.6

About the security content of Safari 17.6 This document describes the security content of Safari 17.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

9.8CVSS8AI score0.01344EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.16 views

CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00329EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/10 7:38 p.m.37 views

CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.9CVSS0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/31 5:38 p.m.57 views

CVE-2023-38551

A CRLF Injection vulnerability in Ivanti Connect Secure 9.x, 22.x allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack...

8.2CVSS7.9AI score0.01003EPSS
Exploits0References1
OSV
OSV
added 2024/05/31 3:15 p.m.16 views

MGASA-2024-0199 Updated python-jinja2 packages fix security vulnerabilities

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...

6.1CVSS6.2AI score0.00979EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/24 12:0 a.m.124 views

Ivanti Connect Secure 9.x / 22.x XSS Vulnerability

The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...

8.2CVSS7.9AI score0.01003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.4 views

PT-2024-24178 · Unknown · Cosmetics/Beauty Product Online Store

Name of the Vulnerable Software and Affected Versions: Cosmetics and Beauty Product Online Store version 1.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. This enables attackers to...

6.1CVSS5.5AI score0.00426EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/04/07 12:0 a.m.4 views

PT-2024-25790 · Unknown · Puneethreddyhc Event Management

Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Event Management version 1.0 Description: A problematic vulnerability has been found in the software. The issue affects an unknown function of the file /backend/register.php. The manipulation of the arguments event id, full nam...

5.4CVSS3.8AI score0.0055EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/11/15 3:47 a.m.14 views

CVE-2023-5986

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login i...

8.2CVSS6.2AI score0.00453EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/10 10:21 a.m.3 views

CVE-2023-44315

A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...

4.7CVSS5.1AI score0.00296EPSS
Exploits0References2
NVD
NVD
added 2023/07/28 5:15 a.m.28 views

CVE-2023-32445

This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack...

6.1CVSS5.1AI score0.00475EPSS
Exploits0References6
Rows per page
Query Builder