190 matches found

OSV
added 2026/03/27 6:6 p.m. (3 views)

GHSA-3C7F-5HGJ-H279 n8n has XSS in Chat Trigger Node through Custom CSS

Impact: An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 2

Vulnrichment
added 2026/03/13 1:18 a.m. (3 views)

CVE-2026-22209 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1 in the custom CSS setting to execute arbitrary JavaScript i...

CVSS 5.5, AI score 5.9, EPSS 0.00222
Exploits: 0, References: 3

CVE
added 2026/03/13 1:18 a.m. (16 views)

CVE-2026-22209

The CVE concerns wpDiscuz before 7.6.47, where a cross-site scripting (XSS) flaw exists in the customCss field. The underlying issue allows an administrator to break out of style tags and inject scripts (for example, ), enabling arbitrary JavaScript execution in the browsers of users. The vulnera...

CVSS 5.5, AI score 5.9, EPSS 0.00222
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/03/13 1:18 a.m. (24 views)

CVE-2026-22209 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1 in the custom CSS setting to execute arbitrary JavaScript i...

CVSS 5.5, EPSS 0.00222
Exploits: 0, References: 3

RedhatCVE
added 2026/02/15 7:10 a.m. (8 views)

CVE-2026-2027

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 4.4, AI score 5.7, EPSS 0.00202
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/14 4:35 a.m. (3 views)

CVE-2026-2027

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 4.4, AI score 6, EPSS 0.00202
Exploits: 0, References: 5

Vulnrichment
added 2026/02/14 4:35 a.m. (3 views)

CVE-2026-2027 AMP Enhancer <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 4.4, AI score 5.7, EPSS 0.00202
Exploits: 0, References: 4

Cvelist
added 2026/02/14 4:35 a.m. (26 views)

CVE-2026-2027 AMP Enhancer <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 4.4, EPSS 0.00202
Exploits: 0, References: 4

Patchstack
added 2026/02/13 10:7 p.m. (7 views)

WordPress AMP Enhancer plugin <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin AMP Enhancer Compatibility Layer for Official AMP Plugin versions <= 1.0.49...

CVSS 4.4, AI score 5.4, EPSS 0.00202
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/01/20 9:15 a.m. (3 views)

CVE-2025-41768

A high-privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting')...

CVSS 5.5, EPSS 0.00207
Exploits: 0, References: 1

Vulnrichment
added 2026/01/20 8:2 a.m. (3 views)

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

A high-privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting')...

CVSS 5.5, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 1

Cvelist
added 2026/01/20 8:2 a.m. (21 views)

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

A high-privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting')...

CVSS 5.5, EPSS 0.00207
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:38 p.m. (25 views)

CVE-2023-29112

The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...

CVSS 5.4, AI score 6.7, EPSS 0.00324
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:46 a.m. (5 views)

CVE-2025-23578

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS. This issue affects Custom CSS Addons: from n/a through <= 1.9.1...

CVSS 7.1, AI score 7.2, EPSS 0.00378
Exploits: 0, References: 1

RedhatCVE
added 2025/12/30 5:9 p.m. (2 views)

CVE-2025-68878

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS. This issue affects Advanced Custom CSS: from n/a through <= 1.1.0...

CVSS 7.1, AI score 5.9, EPSS 0.00146
Exploits: 0, References: 1

CVE
added 2025/12/29 4:0 p.m. (8 views)

CVE-2025-68878

CVE-2025-68878 is a reflected XSS vulnerability in the Advanced Custom CSS WordPress plugin, caused by Improper Neutralization of Input During Web Page Generation. It affects Advanced Custom CSS versions up to 1.1.0 (no details on fixed version provided in the documents). The CVSS 3.1 metrics ind...

CVSS 7.1, AI score 5.9, EPSS 0.00146
Exploits: 0, References: 1

Vulnrichment
added 2025/12/29 4:0 p.m. (1 view)

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS. This issue affects Advanced Custom CSS: from n/a through <= 1.1.0...

CVSS 7.1, AI score 5.7, EPSS 0.00146
Exploits: 0, References: 1

Cvelist
added 2025/12/29 4:0 p.m. (26 views)

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS. This issue affects Advanced Custom CSS: from n/a through <= 1.1.0...

CVSS 7.1, EPSS 0.00146
Exploits: 0, References: 1

Positive Technologies
added 2025/12/29 12:0 a.m. (2 views)

PT-2025-53749

Name of the Vulnerable Software and Affected Versions: Prasadkirpekar Advanced Custom CSS versions through 1.1.0. Description: The software contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-Site Scripting (XSS). This means an attacker could...

CVSS 7.1, AI score 6, EPSS 0.00146
Exploits: 0, References: 3

CNNVD
added 2025/12/29 12:0 a.m. (2 views)

WordPress plugin Advanced Custom CSS cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1, AI score 5.7, EPSS 0.00146
Exploits: 0, References: 2