266 matches found

CNVD
added 2026/04/15 12:0 a.m. | 4 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2026-19445)

Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious JavaScript in the context of the victim's browser by manipulating the DO...

CVSS 9.3 | AI score 5.7 | EPSS 0.00119
Exploits: 0
Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28298

Name of the Vulnerable Software and Affected Versions: HCL Aftermarket DPC (affected versions not specified). Description: HCL Aftermarket DPC is susceptible to a Cross Domain Script Include issue. An attacker can use external scripts to manipulate the Document Object Model (DOM), potentially changing t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 3
CNNVD
added 2026/03/11 12:0 a.m. | 3 views

OpenProject Cross-Site Scripting Vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper Markdown rendering validation in OpenProject, especially in the handling of hyperlinks. It could allow...

CVSS 6.5 | AI score 5.6 | EPSS 0.00103
Exploits: 0 | References: 1
CVE
added 2026/03/10 9:27 p.m. | 5 views

CVE-2026-31822

Sylius (PHP/Symfony eCommerce framework) has an XSS vulnerability in the shop checkout login form handled by ApiLoginController. When a login fails, AuthenticationFailureHandler returns a JSON message that is rendered into the DOM via innerHTML, allowing injected HTML/JS in the message to execute...

CVSS 6.1 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/03/10 12:0 a.m. | 2 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there was a security...

CVSS 7.4 | AI score 5.6 | EPSS 0.00034
Exploits: 0 | References: 2
Cvelist
added 2026/02/09 6:32 p.m. | 23 views

CVE-2026-25230 FileRise affected by HTML Injection using color property in file tags

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

CVSS 4.6 | EPSS 0.00057
Exploits: 1 | References: 4
GithubExploit
added 2026/02/06 7:40 a.m. | 135 views

davids-xss-lab

XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...

AI score 5.2
Exploits: 0
GithubExploit
added 2026/02/06 7:40 a.m. | 123 views

davids-xss-attack-defense

XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...

AI score 5.2
Exploits: 0
OSV
added 2026/02/03 8:15 p.m. | 1 view

CVE-2025-10878

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full...

CVSS 10 | AI score 5.9 | EPSS 0.0019
Exploits: 2 | References: 2
CVE
added 2026/02/03 12:0 a.m. | 13 views

CVE-2025-10878

The CVE-2025-10878 entry describes a SQL injection in the login for Fikir Odalari AdminPando 1.0.1 (pre-2026-01-26) that allows unauthenticated bypass of authentication and full admin access, including HTML/DOM content manipulation. Connected advisories confirm the issue affects AdminPando prior ...

CVSS 10 | AI score 5.7 | EPSS 0.0019
Exploits: 2 | References: 2 | Affected Software: 1
Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 9 : tbb-2020.3-8.el9_5.1 (AXSA:2025-9628:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9628:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...

CVSS 6.9 | AI score 7.5 | EPSS 0.34098
Exploits: 6 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 9 : doxygen-1.9.1-12.el9_5 (AXSA:2025-9657:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9657:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...

CVSS 6.9 | AI score 7.4 | EPSS 0.34098
Exploits: 6 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

MiracleLinux 9 : gcc-11.5.0-5.el9_5.ML.1 (AXSA:2025-9691:09)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9691:09 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...

CVSS 6.9 | AI score 7.3 | EPSS 0.34098
Exploits: 6 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 7 : gcc-4.8.5-44.0.1.el7.AXS7 (AXSA:2025-9920:15)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9920:15 advisory. CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code CVEs: CVE-2020-11023 In jQuery versions great...

CVSS 6.9 | AI score 7.1 | EPSS 0.34098
Exploits: 6 | References: 2
Github Security Blog
added 2025/12/19 9:32 p.m. | 5 views

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

Impact: Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some DOM modifications for the link button next to the field, e.g. the link address can be overridden. CSS can be manipulated to give the button an arbitrary look and change its size so that any...

AI score 6.9
Exploits: 0 | References: 8 | Affected Software: 1
RedhatCVE
added 2025/12/18 6:46 p.m. | 7 views

CVE-2025-13537

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

CVSS 6.4 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 1
NVD
added 2025/12/17 7:16 p.m. | 2 views

CVE-2025-13537

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

CVSS 6.4 | EPSS 0.00037
Exploits: 0 | References: 4
Cvelist
added 2025/12/17 6:21 p.m. | 24 views

CVE-2025-13537 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

CVSS 6.4 | EPSS 0.00037
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/17 12:0 a.m. | 2 views

PT-2025-51860

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

CVSS 6.4 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2013-6262

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00389
Exploits: 0 | References: 2