Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-27283

Malware in sbrugna...

5.4CVSS5.5AI score0.00458EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47945

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00587EPSS
Exploits1References1
OSV
OSV
added 2025/07/28 4:41 p.m.8 views

GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata

Summary An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...

5.4CVSS7.1AI score0.00395EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/07/16 1:42 p.m.3 views

CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror

Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...

5.3CVSS5.9AI score0.0067EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/06/23 8:40 a.m.7 views

CVE-2025-50033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS.This issue affects Fitness Park: from n/a through = 1.1.1...

6.5CVSS5.9AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 11:15 p.m.8 views

CVE-2025-47102

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability...

Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:1 p.m.5 views

CVE-2025-23890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tom Ewer Easy Tweet Embed easy-tweet-embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through = 1.7...

6.5CVSS7.2AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:7 p.m.8 views

CVE-2021-40094

A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device...

5.4CVSS6.2AI score0.00458EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.3 views

PT-2025-17796 · Unknown · Peadig'S Google +1 Button

Name of the Vulnerable Software and Affected Versions: Peadig’s Google +1 Button versions 0.1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This can be exploited through the Peadig’s Google +1 Button...

6.5CVSS6.6AI score0.00215EPSS
Exploits0References3
NVD
NVD
added 2025/03/31 11:15 a.m.16 views

CVE-2025-31419

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeix Churel allows DOM-Based XSS.This issue affects Churel: from n/a through 1.0.8...

6.5CVSS0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/27 10:54 a.m.3 views

CVE-2025-30786 WordPress Quotes llama plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oooorgle Quotes llama quotes-llama allows DOM-Based XSS.This issue affects Quotes llama: from n/a through = 3.1.0...

6.5CVSS7.3AI score0.00312EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/26 8:6 p.m.15 views

copyparty renders unsanitized filenames as HTML when user uploads empty files

Summary A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the...

6.1CVSS4.5AI score0.00426EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 2:44 p.m.7 views

CVE-2020-6847

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript...

7.6CVSS6AI score0.00927EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.6 views

PT-2024-21387 · Tabatkins · Railroad-Diagrams

Name of the Vulnerable Software and Affected Versions: tabatkins/railroad-diagrams versions before commit ea9a123 Description: A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams allows attackers to execute arbitrary Javascript via...

6.1CVSS5.9AI score0.00429EPSS
Exploits0References6
NVD
NVD
added 2023/12/15 11:15 a.m.19 views

CVE-2023-48591

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS0.00597EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/15 10:15 a.m.22 views

CVE-2023-48609 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.4AI score0.00597EPSS
Exploits0References1
CVE
CVE
added 2021/08/03 3:30 p.m.53 views

CVE-2021-21576

Dell EMC iDRAC9 is affected by a DOM-based cross-site scripting (XSS) vulnerability in versions prior to 4.40.40.00. The issue enables an attacker to cause client-side code execution by persuading a user to click a specially crafted link, with user interaction required. The CVSS details indicate ...

6.1CVSS5.9AI score0.00866EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/08/10 10:15 p.m.19 views

Cross site scripting

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...

4.3CVSS6AI score0.01317EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2011/11/28 12:0 a.m.36 views

Social Book Facebook Clone Script Cross Site Scripting

Exploit Title: Social Book Facebook Clone Script Reflected XSS Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE XSS can be done using the command input Vulnerable Page: signup.php lostpass.php login.php...

Exploits0
Rows per page
Query Builder