Lucene search
+L

31 matches found

RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-41846

A flaw was found in Spring MVC applications, part of the Spring Framework. This vulnerability allows a remote attacker to inject arbitrary HTML or JavaScript code due to improper handling of user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags. Successful...

6.8CVSS5.2AI score0.0014EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-59884

A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...

7.5CVSS6.1AI score0.00354EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 3:50 a.m.9 views

CVE-2026-41846 Spring Framework Cross-site Scripting via JSP Form Tags

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

5.9CVSS5.4AI score0.0014EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-41846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScrip...

6.1CVSS5.3AI score0.0014EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.4 views

Spring Framework Cross-site Scripting via JSP Form Tags

Spring MVC applications which accept user-supplied values in the cssClass , cssErrorClass , or cssStyle attributes of JSP tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability...

5.9CVSS5.7AI score0.0014EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 8:37 p.m.4 views

CVE-2026-33883 Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 8:37 p.m.16 views

CVE-2026-33883 Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 7:5 p.m.6 views

GHSA-3JG4-P23X-P4QX Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Impact The user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Patches This has been fixed in 5.73.16 and 6.7.2...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28550

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2 Description The user:reset password form tag does not properly escape user-supplied input before rendering it as HTML, potentially allowing an attacker to inject and execute...

6.1CVSS6.1AI score0.00149EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/04 11:53 a.m.10 views

CVE-2025-9129

The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00225EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/03 10:10 p.m.7 views

WordPress Flexi plugin <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via flexi-form-tag Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Flexi – Guest Submit versions = 4.28...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-32251

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00225EPSS
Exploits0References4
NVD
NVD
added 2025/10/03 12:15 p.m.23 views

CVE-2025-9129

The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00225EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/03 11:17 a.m.4 views

CVE-2025-9129 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode

The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00225EPSS
Exploits0References3
CVE
CVE
added 2025/10/03 11:17 a.m.21 views

CVE-2025-9129

CVE-2025-9129 describes a Stored Cross-Site Scripting flaw in the WordPress Flexi plugin (up to version 4.28) via the flexi-form-tag shortcode. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-...

6.4CVSS4.7AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/03 11:17 a.m.12 views

CVE-2025-9129 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode

The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00225EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.8 views

PT-2025-40483

Name of the Vulnerable Software and Affected Versions Flexi plugin for WordPress versions up to and including 4.28 Description The Flexi plugin for WordPress is susceptible to Stored Cross-Site Scripting through the flexi-form-tag shortcode. Insufficient input sanitization and output escaping on...

6.4CVSS5.2AI score0.00225EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2024/01/10 3:49 p.m.360 views

Exploit for Cross-site Scripting in Alinto Sogo

CVE-2023-48104 HTML Injection in Alinto/SOGo Web Client Ve...

6.1CVSS6.4AI score0.01022EPSS
Exploits1
OSV
OSV
added 2020/08/31 10:48 p.m.14 views

GHSA-6QQJ-RX4W-R3CJ CSRF Vulnerability in jquery-ujs

Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains. When an attacker controls the href attribute of an anchor tag, or the action attribute of a fo...

6.5CVSS6.9AI score
Exploits0References4
RubySec
RubySec
added 2020/05/18 12:0 a.m.36 views

CSRF Vulnerability in rails-ujs

There is an vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor ta...

6.5CVSS2AI score0.04397EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder