Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.4 views

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

6.1CVSS6.1AI score0.0055EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-0008

Malware in sbrugna...

6.1CVSS6.3AI score0.01955EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2025-12232

Malicious code in bioql PyPI...

6.8CVSS6AI score0.12241EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43702

Malicious code in bioql PyPI...

7.3CVSS7.1AI score0.0045EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-48338

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00522EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-40396

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.0055EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:36 a.m.12 views

CVE-2024-10858

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...

6.1CVSS6.7AI score0.00324EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 p.m.5 views

CVE-2020-29587

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

5.4CVSS6.8AI score0.00676EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 12:53 a.m.8 views

CVE-2015-9299

The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS...

6.1CVSS7.1AI score0.00923EPSS
Exploits0References1
OSV
OSV
added 2025/04/25 7:14 a.m.10 views

BIT-GRAFANA-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

6.8CVSS6.3AI score0.12241EPSS
Exploits0References3
NVD
NVD
added 2025/04/23 12:15 p.m.17 views

CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

6.8CVSS0.12241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/23 11:36 a.m.9 views

CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

6.8CVSS6.5AI score0.12241EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/23 11:36 a.m.66 views

CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

6.8CVSS0.12241EPSS
Exploits0References2
CVE
CVE
added 2025/04/23 11:36 a.m.141 views

CVE-2025-2703

CVE-2025-2703 affects Grafana’s built-in XY Chart plugin through a DOM XSS flaw. The advisory text states that a user with Editor permissions can modify a panel to execute arbitrary JavaScript, indicating that the vulnerability stems from client-side script handling in the chart component and cou...

6.8CVSS6.5AI score0.12241EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/23 11:36 a.m.5 views

CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

6.8CVSS6.8AI score0.12241EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/23 12:0 a.m.7 views

PT-2025-17601 · Unknown +1 · Xy Chart Plugin +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The built-in XY Chart plugin is affected by a DOM XSS issue. A user with Editor permissions can modify a panel to execute arbitrary JavaScript. Recommendations: At the moment, there is no...

9.9CVSS8.2AI score0.97809EPSS
Exploits22References59
FreeBSD
FreeBSD
added 2025/03/14 12:0 a.m.16 views

Grafana -- DOM XSS vulnerability

Grafana Labs reports: An external security researcher responsibly reported a security vulnerability in Grafana’s built-in XY chart plugin that is vulnerable to a DOM XSS vulnerability. The CVSS score for this vulnerability is 6.8 MEDIUM...

8.3CVSS6.4AI score0.12241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 5:45 p.m.8 views

CVE-2023-3010

Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability...

7.3CVSS6AI score0.0045EPSS
Exploits0References1
NVD
NVD
added 2024/12/25 6:15 a.m.29 views

CVE-2024-10858

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...

6.1CVSS0.00324EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/26 12:0 a.m.11 views

CVE-2023-29442

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS...

7AI score0.0941EPSS
Exploits0References1
Rows per page
Query Builder