Lucene search
K

1206691 matches found

Nuclei
Nuclei
added 10 hours ago8 views

WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting

Competition Form WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a...

7.1CVSS7AI score0.00566EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago24 views

MemberSpace WordPress - Cross-Site Scripting

MemberSpace WordPress plugin 2.1.14 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting unauthenticated attackers execute scripts, exploit requires no authentication. id: CVE-2024-13727 info: name: MemberSpace WordPress - Cross-Site Scripting author: Sourabh-Sah...

6.1CVSS7.1AI score0.00564EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago16 views

iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting

iBuildApp WordPress plugin through 0.2.0 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13326 info:...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago29 views

WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting

The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6.2AI score0.0063EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago33 views

ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API

changedetection.io = 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction id: CVE-2025-62780 info: name: ChangeDetection.i...

5.4CVSS6AI score0.00441EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago10 views

Vite dev server - Cross-Site Scripting

Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...

6.1CVSS6.7AI score0.00997EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago8 views

SiYuan <= v3.5.9 - Cross Site Scripting

SiYuan v3.5.10 contains a reflected XSS caused by improper sanitization of javascript: href attributes allowing ASCII control characters to bypass prefix checks in SVG sanitizer, letting unauthenticated attackers execute JavaScript via /api/icon/getDynamicIcon. id: CVE-2026-31809 info: name: SiYu...

6.4CVSS7.1AI score0.00505EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago21 views

Pi-hole Reflected XSS in 404-Error Page

Pi-hole Admin Interface = 6.2.1 contains a reflected XSS vulnerability on the 404 error page. The URL path is reflected unsanitized into the class attribute of the body tag, allowing attribute injection via a crafted URL to execute arbitrary JavaScript in victim browsers. id: CVE-2025-53533 info:...

6.1CVSS6.8AI score0.00564EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago6 views

SiYuan Note - Cross-Site Scripting

Unauthenticated reflected cross-site scripting XSS vulnerability in all versions of SiYuan Note containing /api/icon/getDynamicIcon with unsafe type=8 rendering logic. Attacker-controlled content is inserted directly into SVG output without proper sanitization. An attacker can execute arbitrary...

9.3CVSS7.2AI score0.00625EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago155 views

SiYuan Note - Cross-Site Scripting

SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...

8.6CVSS6.3AI score0.00469EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago30 views

WP Pricing Table - Reflected XSS

WP Pricing Table WordPress plugin = 1.1 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13628 info: name: WP Pricing Table -...

6.1CVSS7AI score0.00641EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago36 views

ECT Home Page Products - Reflected XSS

ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit...

6.1CVSS7AI score0.00577EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago14 views

Musicbox WordPress - Reflected XSS

contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13327 info:...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago56 views

Post Sync Plugin <= 1.1 - Cross-Site Scripting

Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

6.1CVSS7AI score0.0061EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago13 views

Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7AI score0.00532EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago5 views

OWL Carousel Slider - Cross-Site Scripting

OWL Carousel Slider WordPress plugin v2.2 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13627 info:...

4.7CVSS7.2AI score0.00805EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago40 views

Widget4Call WordPress - Cross-Site Scripting

Widget4Call WordPress plugin = 1.0.7 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13099 info: name:...

5.4CVSS7.2AI score0.00674EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago33 views

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

6.1CVSS6.8AI score0.00911EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago59 views

Changedetection.io RSS Single Watch - Cross-Site Scripting

changedetection.io 0.54.1 contains a stored XSS caused by unescaped reflection of UUID path parameter in RSS single-watch endpoint, letting remote attackers execute JavaScript in victim's browser, exploit requires victim to visit crafted URL. id: CVE-2026-27645 info: name: Changedetection.io RSS...

6.1CVSS6.2AI score0.00445EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago8 views

LifterLMS < 8.0.1 - Cross-Site Scripting

LifterLMS WordPress plugin before 8.0.1 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin via a crafted request. id: CVE-2024-13619 info: name: LifterLMS 8.0.1 - Cross-Site Scripting author:...

6.1CVSS6.2AI score0.00521EPSS
Exploits1References3
Rows per page
Query Builder