Lucene search
K

358 matches found

NVD
NVD
added 2026/04/06 4:16 p.m.4 views

CVE-2026-31354

Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

5.4CVSS0.00211EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.28 views

FeehiCMS 安全漏洞

FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type cross-site scripting issue with the Group, Category, or Description parameters in the...

5.4CVSS5.9AI score0.00211EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30668

Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

6AI score0.00211EPSS
Exploits1References3
CVE
CVE
added 2026/04/06 12:0 a.m.8 views

CVE-2026-31354

CVE-2026-31354 refers to multiple authenticated stored XSS vulnerabilities in Feehi CMS v2.1.1, specifically in the Permissions module where payloads can be injected via Group, Category, or Description parameters. The issue is confirmed across connected sources (Red Hat CVE entry, ENISA/EUVD entr...

5.4CVSS6AI score0.00211EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/03 10:58 a.m.3 views

CVE-2026-5325

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

5.1CVSS4.7AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 7:15 a.m.8 views

CVE-2026-5325

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

5.1CVSS0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/04/02 7:0 a.m.19 views

CVE-2026-5325

CVE-2026-5325 affects SourceCodester Simple Customer Relationship Management System 1.0. The issue lies in the Create Ticket component, specifically in /create-ticket.php where manipulating the Description argument causes cross-site scripting . Remote exploitation is possible, and the exploit has...

5.1CVSS4.5AI score0.00191EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

SourceCodester Simple Customer Relationship Management System 代码注入漏洞

SourceCodester Simple Customer Relationship Management System is a simple customer relationship management system developed under open source by SourceCodester. Version 1.0 of the SourceCodester Simple Customer Relationship Management System contains a code injection vulnerability. This...

5.1CVSS5.7AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29685

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

5.1CVSS4.5AI score0.00191EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/27 2:12 p.m.29 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...

9.4CVSS0.00287EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.8 views

CVE-2026-31382

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

6.1CVSS6AI score0.00245EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/24 2:46 a.m.1 views

CVE-2026-4626 projectworlds Lawyer Management System lawyer_booking.php cross site scripting

A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyerbooking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...

5.1CVSS4AI score0.00185EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.7 views

PT-2026-27308

Name of the Vulnerable Software and Affected Versions projectworlds Lawyer Management System version 1.0 Description A flaw exists in projectworlds Lawyer Management System 1.0. The issue is related to cross site scripting, triggered by manipulating the Description argument in the /lawyer...

5.1CVSS4.9AI score0.00185EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.6 views

Aix-DB SQL注入漏洞

Aix-DB is an intelligent data analysis and visualization system developed by AiAdventurer developers. Versions of Aix-DB 1.2.3 and earlier have a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter Description in the unknown functions of the file...

5.3CVSS6.1AI score0.00136EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 2:16 p.m.4 views

CVE-2026-31382

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

6.1CVSS0.00245EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:4 p.m.1 views

CVE-2026-31382

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

6.1CVSS5.8AI score0.00303EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/06 3:31 a.m.4 views

EUVD-2026-9963

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...

5.3CVSS4.3AI score0.00269EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/23 1:30 p.m.5 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/02/22 2:16 p.m.6 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/22 1:18 p.m.26 views

CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS0.00232EPSS
Exploits0References2
Rows per page
Query Builder