Lucene search
+L

35 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/08 4:9 p.m.4 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56505

Name of the Vulnerable Software and Affected Versions Hono versions 4.0.0 through 4.12.26 Description The cx function in hono/css composes class names from plain strings but marks the result as already escaped without performing HTML-escaping on the input. This allows untrusted className values...

6.1CVSS6.2AI score0.00187EPSS
Exploits0References9
NVD
NVD
added 2026/06/15 2:16 a.m.12 views

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/15 12:45 a.m.9 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS3.7AI score0.00214EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-41846

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

6.1CVSS0.0014EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 3:50 a.m.13 views

CVE-2026-41846

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

6.1CVSS5.4AI score0.0014EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.22 views

PT-2026-47657

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC applications that accept...

6.1CVSS5AI score0.0014EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/06/09 12:0 a.m.2 views

CVE-2026-41846

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

6.1CVSS6.1AI score0.0014EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Spring Framework 跨站脚本漏洞

The Spring Framework is an application development framework developed by Spring in open source. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 have cross-site scripting vulnerabilities. These vulnerabilities stem from the cssClass, cssErrorClass, or cssStyle...

6.1CVSS5.2AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS5.7AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 4:16 a.m.24 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS0.00311EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 2:27 a.m.10 views

EUVD-2026-31208

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS6AI score0.00311EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 2:27 a.m.6 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS6AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42393

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS6AI score0.00311EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/01 11:4 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mdast-util-to-hast is a mdast utility to transform to hast Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the class attribute in rendered markdown code elements. An attacker can cause arbitrary CSS...

6.9CVSS6.9AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-33916

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00499EPSS
Exploits0References2
OSV
OSV
added 2024/06/01 5:15 a.m.8 views

CVE-2023-6382

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass' attribute. This mak...

5.4CVSS6AI score0.00323EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/01 12:0 a.m.12 views

PT-2024-14942 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue arises from insufficient input sanitization and output escaping on the user-supplied css class attribute in the...

6.4CVSS6.8AI score0.00323EPSS
Exploits0References7
Huntr
Huntr
added 2023/09/14 11:39 a.m.19 views

Stored XSS at LOGO+USER menu

Description Please enter a description of the vulnerability. Proof of Concept login with admin account visit https://demo.instantcms.io/admin/widgets?templatename=modern&scrollto=row-14 navigate to logo+user menu tab insert payload 1" onmouseover = "alert'hackedbytisha' at Parent row Tag CSS clas...

6.5AI score
Exploits0References1
Prion
Prion
added 2023/05/26 9:15 p.m.23 views

Input validation

Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...

4CVSS6.4AI score0.00285EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder