Lucene search
K

358 matches found

Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.4 views

PT-2025-40338

Name of the Vulnerable Software and Affected Versions Ekushey CRM version 5.0 Description A stored cross site scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project file upload functionality via the...

5.1CVSS5.9AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.4 views

PT-2025-40337

Name of the Vulnerable Software and Affected Versions Ekushey CRM version 5.0 Description A stored Cross Site Scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project bug creation functionality, accessible via the...

5.1CVSS5.9AI score0.00193EPSS
Exploits0References6
NVD
NVD
added 2025/10/01 8:18 p.m.6 views

CVE-2025-57444

An authenticated cross-site scripting XSS vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter...

6.1CVSS0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/01 12:0 a.m.9 views

CVE-2025-57444

An authenticated cross-site scripting XSS vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter...

0.00192EPSS
Exploits0References1
CVE
CVE
added 2025/10/01 12:0 a.m.15 views

CVE-2025-57444

Radware AlteonOS Web UI Management (v33.0.4.50) has an authenticated XSS in the Administrative interface caused by insufficient validation of the Description parameter, enabling injection of arbitrary web scripts/HTML. Documented impact is arbitrary script execution within the authenticated user ...

6.1CVSS5.3AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/01 12:0 a.m.3 views

CVE-2025-57444

An authenticated cross-site scripting XSS vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter...

5.3AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.8 views

PT-2025-40293

Name of the Vulnerable Software and Affected Versions Radware AlteonOS Web UI Management version 33.0.4.50 Description A security issue exists in the Administrative interface of Radware AlteonOS Web UI Management. An attacker with authentication can inject a crafted payload into the Description...

6.1CVSS5.8AI score0.00192EPSS
Exploits0References4
OSV
OSV
added 2025/09/22 9:15 a.m.7 views

CVE-2025-10790

A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=savecategory. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The exploit has been...

8.8CVSS5.8AI score0.00308EPSS
Exploits1References5
NVD
NVD
added 2025/09/22 9:15 a.m.6 views

CVE-2025-10790

A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=savecategory. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The exploit has been...

8.8CVSS0.00308EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.4 views

PT-2025-38700

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Forum Discussion System version 1.0 Description A security flaw exists in SourceCodester Simple Forum Discussion System version 1.0. The issue involves SQL injection, which can be triggered by manipulating the Description...

8.8CVSS6.4AI score0.00308EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.4 views

PT-2025-38105

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue is related to cross site scripting in the file /intranet/educar calendario anotacao cad.php. Manipulation of the ...

5.1CVSS3.7AI score0.00261EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/09/14 12:0 a.m.6 views

Selleo Mentingo 代码注入漏洞

Selleo Mentingo is an in-house training and employee development platform from Selleo Poland. A code injection vulnerability exists in Selleo Mentingo version 2025.08.27, which stems from an incorrect manipulation of the parameter Description in the file /api/course/enroll-course, which could lea...

5.1CVSS4.8AI score0.00233EPSS
Exploits0References5
OSV
OSV
added 2025/09/05 9:32 p.m.2 views

GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...

4.3CVSS5.8AI score0.00291EPSS
Exploits0References8
OSV
OSV
added 2025/09/05 8:15 p.m.4 views

CVE-2025-10044

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS5.8AI score0.00291EPSS
Exploits0References7
Snyk
Snyk
added 2025/09/05 12:0 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...

5.1CVSS3.6AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/31 12:0 a.m.15 views

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter description/queryName in the file...

5.4CVSS4.3AI score0.00302EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/08/29 3:2 p.m.10 views

CVE-2025-9655 O2OA Personal Profile person cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

5.1CVSS0.00238EPSS
Exploits1References5
NVD
NVD
added 2025/08/26 2:15 a.m.4 views

CVE-2025-9434

A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...

6.1CVSS0.00337EPSS
Exploits1References4
CVE
CVE
added 2025/08/26 1:2 a.m.26 views

CVE-2025-9434

The CVE-2025-9434 issue affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting vulnerability exists in the file path /admin/edit_title.php?id=1 when the desc parameter is manipulated. The vulnerability can be exploited remotely, and public disclosu...

6.1CVSS6.5AI score0.00337EPSS
Exploits1References4Affected Software1
Hacker One
Hacker One
added 2025/08/03 6:4 p.m.7 views

U.S. Dept Of Defense: Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter

A Cross-Site Scripting XSS vulnerability was discovered in the POST method on the website, specifically through the EVENTDESCRIPTION parameter. Exploitation of this vulnerability could have led to severe consequences, including session hijacking. The vulnerability was caused by insufficient...

5.9AI score
Exploits0
Rows per page
Query Builder