Lucene search
K

48 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.8 views

CVE-2026-47933

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.8 views

CVE-2026-47962

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:48 p.m.31 views

CVE-2026-47975 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 8:27 a.m.29 views

CVE-2026-6226 Frontend Admin by DynamiApps <= 3.29.2 - Unauthenticated Privilege Escalation via Form Configuration Injection

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

8.8CVSS0.00433EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:40 p.m.5 views

CVE-2026-34396

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

6.1CVSS6AI score0.00217EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/24 7:37 p.m.2 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

6.5CVSS7.2AI score0.00188EPSS
Exploits1References1
NVD
NVD
added 2025/12/10 7:16 p.m.5 views

CVE-2025-64826

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00205EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.5 views

PT-2025-47464

Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page...

8.4AI score0.0021EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-0408

Malware in sbrugna...

4.3CVSS6.4AI score0.01445EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is:...

3.5CVSS5.2AI score0.00718EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.3 views

Diskover-web 安全漏洞

Diskover-web is a file system indexing tool from Diskover, Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple POST parameters in the Elasticsearch configuration form, which could lead to an SQL injection attack...

5.3CVSS7.8AI score0.00308EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.4 views

PT-2024-6549 · Microsoft · Outlook

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: The issue is related to incorrect external control of a file name or path in Microsoft Outlook for Windows operating systems. Exploitation of this issue may allow an attacker to...

6.7CVSS8.2AI score0.00664EPSS
Exploits0References17
OSV
OSV
added 2024/06/13 8:16 a.m.2 views

CVE-2024-36178

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.0051EPSS
Exploits0References1
OSV
OSV
added 2024/06/13 8:16 a.m.4 views

CVE-2024-34120

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00676EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/13 7:53 a.m.9 views

CVE-2024-36189 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.3AI score0.00534EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/13 7:53 a.m.19 views

CVE-2024-36171 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.3AI score0.00717EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-40292 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: A broken access control issue has been discovered in the Import/Export module, allowing regular backend users to access import functionality that is typically restricted to admin users or tho...

4.3CVSS7.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.3 views

PT-2024-11733 · Unknown · Online Flight Booking Management System

Name of the Vulnerable Software and Affected Versions: Online Flight Booking Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter in the feedback form. This enables the execution of...

4.7CVSS7.2AI score0.00381EPSS
Exploits0References4
wpexploit
wpexploit
added 2024/01/19 12:0 a.m.192 views

lasTunes <= 3.6.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack ' ' document.forms0...

9AI score0.00199EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/29 12:0 a.m.218 views

EventON-RSVP < 2.9.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the code below "/...

6.1CVSS6AI score0.0042EPSS
Exploits2
Rows per page
Query Builder