Lucene search
+L

26 matches found

nvd
nvd
added last week7 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

9CVSS0.00451EPSS
Exploits0References9
osv
osv
added last week4 views

CVE-2026-53963 Discourse: Stored-XSS in 2FA delete confirmation modal

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS6.1AI score0.00451EPSS
Exploits0References11
attackerkb
attackerkb
added last week6 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS5.8AI score0.00451EPSS
Exploits0References10Affected Software1
cve
cve
added last week8 views

CVE-2026-53963

CVE-2026-53963 (Discourse) describes a stored XSS in the delete confirmation dialog for a malicious second-factor name on an attacker-controlled account. Affected software is Discourse (open-source discussion platform); vulnerable versions are prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. ...

9CVSS5.8AI score0.00451EPSS
Exploits0References9Affected Software1
cvelist
cvelist
added last week35 views

CVE-2026-53963 Discourse: Stored-XSS in 2FA delete confirmation modal

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS0.00451EPSS
Exploits0References9
nvd
nvd
added 2026/06/22 4:16 p.m.12 views

CVE-2026-11942

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS0.00261EPSS
Exploits0References2
euvd
euvd
added 2026/06/22 3:18 p.m.8 views

EUVD-2026-38260

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/22 3:18 p.m.3 views

CVE-2026-11942

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/22 3:18 p.m.2 views

CVE-2026-11942 Akaunting 3.1.21 - Stored XSS in delete confirmation modal

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.8AI score0.00261EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/22 3:18 p.m.30 views

CVE-2026-11942 Akaunting 3.1.21 - Stored XSS in delete confirmation modal

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS0.00261EPSS
Exploits0References2
cve
cve
added 2026/06/22 3:18 p.m.19 views

CVE-2026-11942

CVE-2026-11942 affects Akaunting 3.1.21. The vulnerability is an authenticated stored cross-site scripting flaw in the reusable delete confirmation flow: a user with permission to create or modify records (e.g., Items) can store HTML/JavaScript in a record name, which could be reflected to other ...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.11 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS5.9AI score0.00204EPSS
Exploits0References1
nvd
nvd
added 2026/04/14 3:16 p.m.5 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS0.00204EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/14 1:56 p.m.3 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/04/14 1:47 p.m.27 views

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS0.002EPSS
Exploits0References3
cve
cve
added 2026/04/14 1:47 p.m.18 views

CVE-2026-4369

The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...

7.1CVSS6.1AI score0.002EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/04/14 1:47 p.m.2 views

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References3
snyk
snyk
added 2026/03/23 8:37 p.m.6 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tag Delete Confirmation. An attacker can execute arbitrary JavaScript in the application's context by injecting malicious HTML into the tag name, which is then...

8.6CVSS5.9AI score0.00243EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/23 7:13 p.m.2 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS6AI score0.00243EPSS
Exploits0References3
nvd
nvd
added 2026/01/22 5:16 p.m.8 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS0.0059EPSS
Exploits0References3
Rows per page
Query Builder