Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/03 9:6 p.m.14 views

malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.1AI score0.00174EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/16 8:23 a.m.4 views

CVE-2026-0913

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

6.4CVSS5.5AI score0.00232EPSS
Exploits0References4
CNVD
CNVD
added 2021/11/19 12:0 a.m.50 views

SmarterMail Remote Code Execution Vulnerability

SmarterMail is the award-winning email, collaboration and group chat server that easily meets the needs of businesses of any size, from individual business owners to large corporations and enterprise organizations. With lower hardware requirements, superior stability and lower maintenance costs,...

9.8CVSS4.8AI score0.02089EPSS
Exploits0References1
CNVD
CNVD
added 2021/01/27 12:0 a.m.6 views

Logic Flaw Vulnerability in Songcms Front-End Pages

SongCMS is a PHP MySQL, ASP Access/SQL Server based development, enterprise-oriented, multi-language support, free, open source CMS to help business users to quickly build and deploy enterprise-level portals. A logic vulnerability exists in the front-end page of SongCMS. An attacker can exploit...

7.2AI score
Exploits0
Rows per page
Query Builder