Lucene search
K

207 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-41052

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/06/17 4:42 p.m.10 views

CVE-2026-48591

CVE-2026-48591 describes a stored cross-site scripting vulnerability in the open-source earmark Markdown library used with Elixir. The issue arises from how Elixir.Earmark.Transform:_make_att1/2 splices attribute values directly between two literal quotes, causing attribute values to be emitted v...

4.8CVSS5AI score0.00133EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-11511

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

5.1CVSS5.3AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 11:45 a.m.37 views

CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

5.1CVSS0.00191EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Bolt CMS 注入漏洞

Bolt CMS is an open-source content management system based on PHP, developed by Bolt CMS. Versions of Bolt CMS 3.7.5 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the handling of the 'style' parameter in the Component HTML Attribute Handler file,...

5.1CVSS5AI score0.00191EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8245

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.5AI score0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 8:16 a.m.17 views

CVE-2026-6427

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4CVSS0.00291EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/22 12:31 a.m.10 views

EUVD-2026-31357

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.8AI score0.00139EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 9:14 p.m.32 views

CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:14 p.m.6 views

CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.8AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:14 p.m.16 views

CVE-2026-8245

Concrete CMS 9.5.0 and earlier is vulnerable to a Reflected XSS in Legacy Pagination. The flaw occurs because Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating the $URL field into href, allowing an attacker to craft a URL that injects HTML into the link tag. An authenti...

6CVSS5.8AI score0.00139EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:14 p.m.4 views

CVE-2026-8245

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.8AI score0.00139EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability, which stems from a reflective cross-site scripting attack via HTML attribute injection in Legacy Pagination...

6CVSS5.7AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 7:34 p.m.11 views

EUVD-2026-31176

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.48 views

CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS0.00239EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

CryptPad 跨站脚本漏洞

CryptPad is an open-source collaboration suite developed by CryptPad. Versions of CryptPad prior to 2026.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the HTML cleaner’s incomplete filtering of restricted tag attributes, allowing attackers to inject arbitrary...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 9:30 a.m.26 views

CVE-2026-31906

CVE-2026-31906 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is an improper neutralization of input during web page generation, i.e., Cross-Site Scripting (XSS). Some sources describe it as a reflected XSS due to improper HTML attribute escaping in layered-modal dialog par...

6.1CVSS5.8AI score0.0044EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.49 views

CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

0.0032EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/14 11:28 p.m.8 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the websiteUrl field, which is interpolated into an HTML attribute without proper encoding of quote characters. An attacker can execute arbitrary JavaScript in the context of users visiting the catalogue UI b...

5.4CVSS5.8AI score0.00167EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.76 views

📄 Event Booking Calendar 5.0 Cross Site Scripting

Event Booking Calendar version 5.0 suffers from a cross site scripting vulnerability. Titles: Event Booking Calendar-5.0 Cross-site scripting reflected Author: nu11secur1ty Date: 5/13/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/ Reference:...

5.3AI score
Exploits0
Rows per page
Query Builder