
34 matches found

NVD
added 2026/03/19 11:16 p.m. | 6 views

CVE-2026-29106

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotati...

CVSS 6.1 | EPSS 0.00149
Exploits: 0 | References: 2
CVE
added 2026/03/19 11:2 p.m. | 12 views

CVE-2026-29106

Summary: CVE-2026-29106 affects SuiteCRM prior to 7.15.1 and 8.9.3. The return_id request parameter value is copied into an HTML tag attribute that is an event handler and enclosed in double quotes, enabling a blind XSS condition. The issue is addressed in versions 7.15.1 and 8.9.3 (patches). Mit...

CVSS 6.1 | AI score 5.8 | EPSS 0.00149
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/03/19 12:0 a.m. | 12 views

PT-2026-26444

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double...

CVSS 5.9 | AI score 5.8 | EPSS 0.00149
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 9:57 a.m. | 5 views

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...

CVSS 6.1 | AI score 5.9 | EPSS 0.01225
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 9:56 a.m. | 10 views

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

CVSS 5.4 | AI score 5.9 | EPSS 0.00582
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-4750

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00582
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-4995

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.01225
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-5006

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00659
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-1879

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00624
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/22 4:12 p.m. | 7 views

CVE-2020-23234

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

CVSS 4.8 | AI score 6 | EPSS 0.00624
Exploits: 1
RedhatCVE
added 2025/05/22 3:12 p.m. | 8 views

CVE-2020-12718

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle...

CVSS 5.4 | AI score 5.6 | EPSS 0.00659
Exploits: 1
OSV
added 2021/08/09 8:38 p.m. | 17 views

GHSA-V2F3-F8X4-M3W8 Cross Site Scripting in LavaLite CMS

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

CVSS 4.8 | AI score 4.8 | EPSS 0.00624
Exploits: 1 | References: 2
OSV
added 2021/07/26 8:15 p.m. | 11 views

CVE-2020-23234

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

CVSS 4.8 | AI score 5.9
Exploits: 0 | References: 1
Prion
added 2021/07/26 8:15 p.m. | 20 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

CVSS 3.5 | AI score 4.8 | EPSS 0.00624
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2021/07/26 7:12 p.m. | 84 views

CVE-2020-23234

CVE-2020-23234 affects LavaLite CMS 5.8.0 (Menu Blocks feature) with a Cross-Site Scripting (XSS) vulnerability that can be bypassed using HTML event handlers such as ontoggle. The available connected sources confirm the product, version, and the XSS in this component, along with the described by...

CVSS 4.8 | AI score 4.9 | EPSS 0.00624
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/07/26 7:12 p.m. | 16 views

CVE-2020-23234

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

AI score 4.9 | EPSS 0.00624
Exploits: 1 | References: 1
Github Security Blog
added 2021/02/25 2:1 a.m. | 12 views

Content injection in marked

Versions 0.3.7 and earlier of marked, when mangling is disabled via the mangle option, do not escape the target href. This allows an attacker to inject an arbitrary html-event into the resulting a tag...

AI score 4.5
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2021/02/25 2:1 a.m. | 4 views

GHSA-WJMF-58VC-XQJR Content injection in marked

Versions 0.3.7 and earlier of marked, when mangling is disabled via the mangle option, do not escape the target href. This allows an attacker to inject an arbitrary html-event into the resulting a tag...

AI score 7.1
Exploits: 0 | References: 2
Tenable Nessus
added 2020/12/01 12:0 a.m. | 27 views

Oracle Linux 8 : thunderbird (ELSA-2020-5236)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5236 advisory. 78.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.5.0-1 - Update to 78.5.0 build3 Tenable has...

CVSS 9.3 | AI score 7.4 | EPSS 0.0247
Exploits: 1 | References: 11
Prion
added 2020/05/08 12:15 a.m. | 15 views

Cross site scripting

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle...

CVSS 3.5 | AI score 5 | EPSS 0.00659
Exploits: 1 | References: 1 | Affected Software: 1