Lucene search
K

10 matches found

NVD
NVD
added 2026/07/02 12:16 p.m.6 views

CVE-2026-14449

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components...

6.4CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:47 a.m.16 views

CVE-2026-14449

CVE-2026-14449 affects u5CMS up to v12.8.8 and is a reflected XSS via the ‘thanks’ parameter in multiple form components. The issue is described as a reflected XSS with a CVSS v4.0 base score of 6.4 (Medium) with network attack vector, no privileges required, and user interaction required. The un...

6.4CVSS5.8AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 11:47 a.m.2 views

CVE-2026-14449 POST-based reflected XSS via the thanks parameter in form components

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components...

6.4CVSS5.9AI score0.00269EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 11:12 p.m.3 views

Malicious Package

Overview xo-form-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/29 11:12 p.m.4 views

EUVD-2025-36756

Malicious code in xo-form-components npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 11:12 p.m.5 views

Malicious code in xo-form-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b076aac6d8c1d695f9ed279e4948c727abd708141c9256d1ecc0faa1f14b579 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSV
OSV
added 2025/10/29 11:12 p.m.4 views

MAL-2025-49067 Malicious code in xo-form-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b076aac6d8c1d695f9ed279e4948c727abd708141c9256d1ecc0faa1f14b579 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in dynamic-form-components (npm)

The package dynamic-form-components was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.6 views

MAL-2025-19030 Malicious code in dynamic-form-components (npm)

The package dynamic-form-components was found to contain malicious code...

7.2AI score
Exploits0
Veracode
Veracode
added 2024/05/30 7:52 p.m.14 views

Cross-site Scripting (XSS)

Umbraco Commerce is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation allowing authenticated users with access to edit forms to inject unsafe code into form components...

2.7CVSS6.4AI score0.00341EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder