Lucene search
K

4 matches found

CVE
CVE
added 2026/06/17 6:0 a.m.7 views

CVE-2026-7850

The WP Magnific Popup WordPress plugin (versions through 1.0) is affected by a Stored XSS due to improper escaping of user-controlled link URLs before injecting them into the DOM when displaying image load error messages. This allows authenticated attackers with Author-level access or higher to i...

5.9CVSS5.2AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 7:43 p.m.4 views

CVE-2025-58361 Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain an non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

9.3CVSS7.1AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.5 views

SUSE CVE-2015-5522

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving a command character in an href...

6.8CVSS7.4AI score0.04655EPSS
Exploits1References5
OSV
OSV
added 2019/07/19 4:15 p.m.2 views

CVE-2019-1010113

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

6.1CVSS6.4AI score0.00826EPSS
Exploits1References1
Rows per page
Query Builder