Lucene search
+L

11 matches found

EUVD
EUVD
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20393

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through = 1.2.0...

6.5CVSS5.9AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2025/09/22 7:15 p.m.5 views

CVE-2025-57938

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Booking: from n/a through = 1.9.0...

6.5CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/03 2:36 p.m.14 views

CVE-2025-58631 WordPress IssueM Plugin <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZEEN101 IssueM issuem allows DOM-Based XSS.This issue affects IssueM: from n/a through = 2.9.0...

5.9CVSS0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.11 views

PT-2025-5546 · Unknown · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress versions 1.1.25 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious scripts into...

6.5CVSS7.2AI score0.00296EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.6 views

PT-2024-35343 · Imbachat · Imbachat

Name of the Vulnerable Software and Affected Versions: ImbaChat versions prior to 3.1.4 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into the...

6.5CVSS9.4AI score0.00285EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2021/07/19 9:43 a.m.61 views

A week in security (July 12 – July 18)

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/02 8:53 a.m.79 views

How SMBs Can Mitigate the Growing Risk of File-based Attacks

Cases of document-based malware are steadily rising. 59 percent of all malicious files detected in the first quarter of 2019 were contained in documents. Due to how work is done in today's offices and workplaces, companies are among those commonly affected by file-based attacks. Since small to...

0.5AI score
Exploits0
NVD
NVD
added 2018/10/01 8:29 p.m.30 views

CVE-2018-3982

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

8.8CVSS8AI score0.0128EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2017/01/31 7:0 a.m.14 views

Nested, Targeted Attacks Built for Reconnaissance

Researchers say members of the North Atlantic Treaty Organization were targeted during the holidays by a unique document-based attack that evades discovery by lying dormant when it detects a security researcher’s test environment. Characteristics of this attack, according to researchers at Cisco...

7.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2016/09/22 9:0 a.m.12 views

Malware Evades Detection with Novel Technique

Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment. The malware, according to researcher Caleb Fenton with security firm SentinelOne, evades detection simply by counting the number of...

0.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2016/02/18 6:59 a.m.15 views

Locky Ransomware Borrows Tricks from Dridex

It’s been difficult to keep track of all the different strains of ransomware that have plagued users over the last year or two. Unlike many of them the latest to grab headlines is spreading through a decidedly old school vector: document-based macros. Named Locky, the ransomware appears to borrow...

0.4AI score
Exploits0References16
Rows per page
Query Builder