Lucene search
8 matches found

OSV
added 2026/06/08 1:16 p.m. | 8 views

UBUNTU-CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

CVSS 8.5 | AI score 5.2 | EPSS 0.00136
Exploits: 0 | References: 3
CVE
added 2026/04/15 5:0 a.m. | 16 views

CVE-2026-5160

Summary: CVE-2026-5160 affects the Go package github.com/yuin/goldmark/renderer/html prior to 1.7.17, where cross-site scripting (XSS) can occur due to the order of URL validation and entity resolution. The renderer checks destinations with IsDangerousURL before HTML entity decoding, allowing an ...

CVSS 6.1 | AI score 6.1 | EPSS 0.00287
Exploits: 0 | References: 2 | Affected Software: 1
Packet Storm
added 2023/09/05 12:0 a.m. | 286 views

WEBIGniter 28.7.23 Cross Site Scripting

Title: WEBIGniter-28.7.23-XSS-Reflected Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the redirect request parameter is copied into the valu...

AI score 7.1
Exploits: 0
0day.today
added 2023/07/04 12:0 a.m. | 176 views

SPIP v4.1.10 - Spoofing Admin account Vulnerability

Exploit Title: spip v4.1.10 - Spoofing Admin account Author: nu11secur1ty Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/ Description: The malicious user can...

AI score 7.1
Exploits: 0
Exploit DB
added 2023/07/03 12:0 a.m. | 197 views

spip v4.1.10 - Spoofing Admin account

Exploit Title: spip v4.1.10 - Spoofing Admin account Author: nu11secur1ty Date: 06.29.2023 Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/ Description: The...

AI score 7.4
Exploits: 0
FreeBSD
added 2023/06/18 12:0 a.m. | 18 views

gitea -- Disallow dangerous URL schemes

The Gitea team reports: Disallow javascript, vbscript and data (data uri images still work) url schemes even if all other schemes are allowed...

AI score 7.1
Exploits: 0 | References: 2
xssed
added 2008/02/02 12:0 a.m. | 15 views

Unfixed XSS vulnerability at forums.mirror.co.uk

Security researcher TreX has submitted on 02/02/2008 a cross-site scripting (XSS) vulnerability affecting forums.mirror.co.uk, which at the time of submission ranked 7506 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/03/2008. It is currentl...

Exploits: 0 | References: 1
Packet Storm
added 2005/07/28 12:0 a.m. | 23 views

simplicityRemote.txt

26/07/2005 16.09.18 Simplicity OF Upload 1.3 possibly prior versions remote code execution & cross site scripting software: author site:...

AI score 7.4
Exploits: 0