Lucene search
+L

115 matches found

nvd
nvd
added 6 days ago6 views

CVE-2026-11591

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
attackerkb
attackerkb
added 6 days ago2 views

CVE-2026-11591

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS6.2AI score0.00251EPSS
Exploits0References11
euvd
euvd
added 6 days ago8 views

EUVD-2026-43155

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS6.2AI score0.00251EPSS
Exploits0References10
nvd
nvd
added last week8 views

CVE-2026-8595

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS0.00239EPSS
Exploits0References1
cvelist
cvelist
added last week31 views

CVE-2026-8595 Stored XSS in the table panel (TableNG)

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS0.00239EPSS
Exploits0References1
cve
cve
added last week8 views

CVE-2026-8595

CVE-2026-8595 describes a stored XSS in Grafana's TableNG panel. An Editor can craft a dashboard with a malicious field name, causing script execution in the browser for any viewer of that dashboard. Affected component: the TableNG panel in dashboards. Root cause: stored cross-site scripting via ...

6.8CVSS6AI score0.00239EPSS
Exploits0References1Affected Software1
euvd
euvd
added last week7 views

EUVD-2026-42922

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score0.00239EPSS
Exploits0References1
vulnrichment
vulnrichment
added last week7 views

CVE-2026-8595 Stored XSS in the table panel (TableNG)

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score0.00239EPSS
Exploits0References1
osv
osv
added last week3 views

CVE-2026-8595 Stored XSS in the table panel (TableNG)

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score0.00239EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/10 12:0 a.m.10 views

PT-2026-57211

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A user with Editor permissions can create a dashboard where the TableNG panel includes a malicious field name. This leads to stored cross-site scripting XSS, a...

6.8CVSS6AI score0.00239EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/27 6:50 a.m.37 views

CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00246EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/27 12:0 a.m.14 views

PT-2026-53053

Name of the Vulnerable Software and Affected Versions Gutenverse versions prior to 3.8.1 Description The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress contains a Stored Cross-Site Scripting issue in the admin settings. This occurs due to insufficient input...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References16
osv
osv
added 2026/06/08 1:16 p.m.11 views

UBUNTU-CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5CVSS5.2AI score0.00136EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/04 7:28 p.m.10 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/05/21 8:34 p.m.45 views

GHSA-2C5X-4JGF-88MJ NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)

Summary The request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permissio...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References2
euvd
euvd
added 2026/05/13 9:32 p.m.25 views

EUVD-2026-30137

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References2
nvd
nvd
added 2026/05/13 8:16 p.m.36 views

CVE-2026-28374

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS0.00198EPSS
Exploits0References1
osv
osv
added 2026/05/13 8:16 p.m.7 views

UBUNTU-CVE-2026-28374

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/12 9:24 p.m.11 views

CVE-2026-41195 mosparo: Rule package source URL stored SSRF enables internal HTTP probing

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

5CVSS5.8AI score0.00197EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.13 views

mosparo 代码问题漏洞

Mosparo is a modern spam protection software developed under open source. Versions of Mosparo prior to 1.4.13 had code vulnerabilities. These vulnerabilities stemmed from the automatic rule package source URL feature, which allowed project members with editor roles to store URLs controlled by...

5CVSS5.9AI score0.00197EPSS
Exploits0References2
Rows per page
Query Builder