
57 matches found

Positive Technologies
added 2026/06/23 12:0 a.m. | 7 views

PT-2026-51634

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.14.3. Description: The Jupyter Notebook ipynb sanitizer endpoint at 'POST /-/api/sanitize ipynb' allows arbitrary data: URIs without proper restrictions, which can lead to Cross-Site Scripting (XSS). The endpoint utilizes...

CVSS 6.4 | AI score 6 | EPSS 0.00677
Exploits: 0 | References: 8
GithubExploit
added 2026/06/12 5:49 p.m. | 65 views

katex-xss-test

KaTeX render test Inline href: $\hrefjavascript:alertdocume...

AI score 5.3
Exploits: 0
Cvelist
added 2026/06/10 8:39 p.m. | 27 views

CVE-2026-53742 Simple Link Directory through 9.0.4 Stored XSS via Embed Shortcode Attributes

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

CVSS 5.4 | EPSS 0.00141
Exploits: 0 | References: 2
CVE
added 2026/06/10 8:39 p.m. | 18 views

CVE-2026-53742

CVE-2026-53742 affects the WordPress plugin Simple Link Directory up to version 9.0.4. The issue is a Stored XSS via embed shortcode attributes: the embedder template echoes shortcode attributes into HTML data attributes without escaping. Attackers with contributor access can craft a shortcode at...

CVSS 5.4 | AI score 5.5 | EPSS 0.00141
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/04 11:5 p.m. | 6 views

CVE-2026-11195

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.5 | EPSS 0.0019
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/25 12:0 a.m. | 8 views

PT-2026-28090

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.27; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform. An authenticated user with appropriate permissions could create a workflow that generates HTML binary...

CVSS 9 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-1398

Malware in sbrugna...

CVSS 6.1 | AI score 6.5 | EPSS 0.03189
Exploits: 0 | References: 17
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-1200

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.04327
Exploits: 0 | References: 15
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-31992

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01219
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-33829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executab...

CVSS 6.1 | AI score 6.4 | EPSS 0.03189
Exploits: 0 | References: 2
BDU FSTEC
added 2025/04/07 12:0 a.m. | 5 views

The vulnerability of the MathLive formula editor, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of MathLive’s formula editor is related to the lack of measures taken to protect the structure of web pages when processing LaTeX expressions with the \htmlData attribute. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.5 | AI score 5.2 | EPSS 0.00486
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2025/01/17 12:0 a.m. | 10 views

KaTeX Security Vulnerability

KaTeX is a fast, easy-to-use JavaScript library open-sourced by KaTeX for TeX math rendering on the web. A security vulnerability exists in KaTeX prior to version v0.16.21, which stems from the htmlData command that allows embedding of HTML data, and an improper configuration of the trust option...

CVSS 7.2 | AI score 6.5 | EPSS 0.00381
Exploits: 0 | References: 4
NVD
added 2025/01/14 1:15 a.m. | 7 views

CVE-2025-0059

Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data...

CVSS 6 | EPSS 0.00184
Exploits: 0 | References: 2
Vulnrichment
added 2024/08/08 4:31 a.m. | 15 views

CVE-2024-5668 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVSS 6.4 | AI score 5.7 | EPSS 0.00282
Exploits: 0 | References: 2
Patchstack
added 2024/07/01 3:52 a.m. | 6 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.2.45...

CVSS 6.4 | AI score 6 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/03/06 11:8 a.m. | 21 views

BIT-MOODLE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

CVSS 4.8 | AI score 4.8 | EPSS 0.0053
Exploits: 0 | References: 2
OSV
added 2024/03/06 10:55 a.m. | 20 views

BIT-DRUPAL-2020-9281

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

CVSS 6.1 | AI score 5.5 | EPSS 0.04327
Exploits: 0 | References: 10
OSV
added 2024/03/06 10:55 a.m. | 29 views

BIT-DRUPAL-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CVSS 6.1 | AI score 5.8 | EPSS 0.03189
Exploits: 0 | References: 7
SUSE CVE
added 2024/01/30 3:1 a.m. | 2 views

SUSE CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CVSS 6.1 | AI score 6.9 | EPSS 0.03189
Exploits: 0 | References: 3
Tenable Nessus
added 2023/10/23 12:0 a.m. | 33 views

Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory. USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and...

CVSS 7.3 | AI score 6.6 | EPSS 0.04327
Exploits: 0 | References: 6