165 matches found

Drupal · added 2025/09/24 12:00 a.m. · 10 views

Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107

This module integrates Plausible Analytics on a site. The module did not properly filter output in certain cases. This vulnerability is mitigated by the fact that an attacker must have permission to add raw HTML to the website, such as an unfiltered WYSIWYG field on a public-facing comment...

CVSS 6.1 · AI score 5.5 · EPSS 0.00177 · Exploits 0 · References 2

Veracode · added 2025/07/04 6:39 a.m. · 6 views

Stored Cross-site Scripting (XSS)

starcitizentools/citizen-skin is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to the Citizen skin inserting short descriptions from the ShortDescription extension as raw HTML, which allows an attacker to inject arbitrary HTML into the DOM by editing a page...

CVSS 8.6 · AI score 5.7 · EPSS 0.003 · Exploits 1 · References 6 · Affected Software 1

RedhatCVE · added 2025/05/23 10:24 a.m. · 9 views

CVE-2024-5668

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVSS 6.4 · AI score 5.7 · EPSS 0.00282 · Exploits 0 · References 1

RedhatCVE · added 2025/05/22 6:24 p.m. · 7 views

CVE-2021-24586

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings features mentioned by the plugin, this...

CVSS 4.3 · AI score 5.8 · EPSS 0.00467 · Exploits 2 · References 1

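The entry above combines two defects: the settings save has no CSRF check, and the setting accepts arbitrary HTML. Either one alone is bounded (a nonce-less save of harmless data, or unfiltered HTML that only an authenticated admin can set); together they let a forged request from an admin's browser plant stored XSS. As an added example, not the plugin's own code, here is a hypothetical WordPress settings handler in the vulnerable shape and the hardened shape; the option name, nonce action, and function names are assumptions, while check_admin_referer(), wp_nonce_field(), current_user_can(), wp_kses_post() and wp_unslash() are real WordPress core functions.

```php
<?php
// Added example, not the plugin's code. Option name "pah_head_html", nonce action
// "pah_save" and the pah_* function names are assumptions for illustration.

// BEFORE (the pattern the advisory describes): nothing ties the request to a form the
// admin actually submitted, and the HTML is stored as-is. A page on another origin can
// auto-submit this POST while an admin is logged in and the browser attaches the cookie.
function pah_save_settings_vulnerable() {
    if ( isset( $_POST['pah_head_html'] ) ) {
        update_option( 'pah_head_html', wp_unslash( $_POST['pah_head_html'] ) );
    }
}

// AFTER: require the capability, verify the nonce that WordPress emitted in the form,
// and pass the HTML through wp_kses_post() before it is stored. wp_kses_post() keeps
// post-safe markup and strips <script>, event handler attributes and javascript: URLs.
function pah_save_settings_hardened() {
    if ( ! isset( $_POST['pah_head_html'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies with a 403 page when the nonce is missing, expired or tied to another user/action.
    check_admin_referer( 'pah_save', 'pah_nonce' );

    $clean = wp_kses_post( wp_unslash( $_POST['pah_head_html'] ) );
    update_option( 'pah_head_html', $clean );
}

// The settings form: wp_nonce_field() writes the hidden input that
// check_admin_referer() verifies above, so a cross-site form cannot reproduce it.
function pah_render_settings_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'pah_save', 'pah_nonce' ); ?>
        <textarea name="pah_head_html"><?php echo esc_textarea( get_option( 'pah_head_html', '' ) ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

add_action( 'admin_init', 'pah_save_settings_hardened' );
```

One caveat for plugins whose purpose is to inject raw head markup (tracking snippets, inline scripts): wp_kses_post() would strip exactly what the feature exists to store. In that case keep the nonce and capability checks and gate the unfiltered path on current_user_can( 'unfiltered_html' ), which is the capability WordPress core itself uses for its Custom HTML widget; the CSRF check is what matters most, since without it the "admin only" assumption does not hold.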
Github Security Blog · added 2025/05/15 9:31 p.m. · 14 views

tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author-level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 6 · EPSS 0.00254 · Exploits 1 · References 3 · Affected Software 1

OSV · added 2025/05/15 9:31 p.m. · 2 views

GHSA-FXPC-QMRH-7J2H tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author-level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 4.8 · AI score 6 · EPSS 0.00254 · Exploits 1 · References 3

Vulnrichment · added 2025/05/07 2:20 p.m. · 8 views

CVE-2025-47626 WordPress Submission DOM tracking for Contact Form 7 plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 (cf7-submission-dom-tracking) allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through <= 2.1...

CVSS 5.9 · AI score 8.6 · EPSS 0.00226 · Exploits 0 · References 1

OSV · added 2025/04/03 2:10 p.m. · 3 views

BIT-JOOMLA-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...

CVSS 7.5 · AI score 7 · EPSS 0.01227 · Exploits 0 · References 2

RedHat Linux · added 2025/02/11 2:58 p.m. · 6 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. If HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, it may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 · AI score 6.6 · EPSS 0.8383 · Exploits 6 · References 6

RedhatCVE · added 2025/02/06 3:57 a.m. · 14 views

CVE-2021-39202

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the cust...

CVSS 7.6 · AI score 5.6 · EPSS 0.0082 · Exploits 0 · References 1

RedhatCVE · added 2025/02/05 2:58 p.m. · 24 views

CVE-2020-15139

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active, e.g. as a post or Private...

CVSS 8.8 · AI score 6 · EPSS 0.01317 · Exploits 0 · References 5

Vulnrichment · added 2024/11/25 6:44 p.m. · 10 views

CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator

Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the deno_doc crate which led to Self-XSS with deno doc --html. 1. XSS in generated search_index.js: deno_doc outputs a JavaScript file for searching. However, the generated file...

CVSS 5.4 · AI score 5.7 · EPSS 0.00325 · Exploits 0 · References 2

CVE · added 2024/11/25 6:44 p.m. · 56 views

CVE-2024-32468

Deno (Rust-based runtime) with deno_doc HTML generator vulnerabilities: XSS in generated search_index.js where innerHTML is used on unsanitized HTML, and XSS via unsanitized property, method, and enum names. This affects the deno_doc component and could enable Self-XSS when using deno doc --html...

CVSS 5.4 · AI score 5.4 · EPSS 0.00325 · Exploits 0 · References 2

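Both CVE-2024-32468 entries describe the same root cause in a static documentation generator: identifier names taken from the documented source end up in an HTML page and in a generated search_index.js without output encoding, and the client renders them with innerHTML. The fix is context-aware encoding at every sink. As an added example, not deno_doc's code, the block below shows the generator side in JavaScript: an HTML encoder for text and attribute contexts, an href filter, an emitter for the search index that keeps hostile names inside the JSON string literal, and a result renderer that never hands raw names to innerHTML. The entry shape { name, kind, href }, the placeholder base URL and the sample entries are constructed assumptions.

```javascript
// Added example (not deno_doc's code): output encoding for a static doc generator
// that embeds symbol names, taken from untrusted source files, into HTML and into a
// generated search_index.js. Entry shape { name, kind, href } is an assumption.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encoder for HTML text nodes and double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Links are derived from symbol names too; keep only http(s) targets so a crafted
// name cannot smuggle a javascript: URL into href. The base URL is a placeholder.
function safeHref(href) {
  try {
    const u = new URL(href, 'https://docs.example.invalid/');
    if (u.protocol === 'https:' || u.protocol === 'http:') return href;
  } catch (_) { /* unparsable: fall through to the inert default */ }
  return '#';
}

// Server-side rendering of one symbol: every untrusted field goes through the
// encoder for the context it lands in (attribute value vs. text content).
function renderEntry(entry) {
  return `<li class="${escapeHtml(entry.kind)}"><a href="${escapeHtml(safeHref(entry.href))}">${escapeHtml(entry.name)}</a></li>`;
}

// Emit the search index as a script file. JSON is valid JS, but a name containing
// "</script>" would terminate an inline <script>, and U+2028/U+2029 are line
// terminators in older engines; escape them as \uXXXX so the data stays a string.
function emitSearchIndex(entries) {
  const json = JSON.stringify(entries)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `window.SEARCH_INDEX = ${json};\n`;
}

// The client-side search must build its markup the same way (or set textContent
// per node); assigning raw entry.name to innerHTML is the bug the advisory describes.
function renderSearchHits(entries, query) {
  const q = query.toLowerCase();
  return entries
    .filter((e) => e.name.toLowerCase().includes(q))
    .map(renderEntry)
    .join('\n');
}

// Constructed sample input: one benign symbol, one hostile name with a hostile link.
const SAMPLE_ENTRIES = [
  { name: 'fetchUser', kind: 'function', href: './fetchUser.html' },
  { name: '</script><script>alert(1)</script>', kind: 'class', href: 'javascript:alert(1)' },
];
```

The emitter round-trips: JSON.parse of the emitted literal returns the original hostile name unchanged, so search still works on it, while the file itself never contains a literal </script. That is the property to test for in a generator: hostile names survive as data and never reach a parser as markup.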
Rosalinux · added 2024/10/03 10:17 p.m. · 26 views

Advisory ROSA-SA-2024-2499

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 2.1 package EVR string: python-setuptools-39.2.0-8.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...

CVSS 8.8 · AI score 7.6 · EPSS 0.02617 · Exploits 1

Debian · added 2024/09/02 8:14 p.m. · 13 views

[SECURITY] [DLA 3862-1] calibre security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3862-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 02, 2024 https://wiki.debian.org/LTS -...

CVSS 7.5 · AI score 6.9 · EPSS 0.04986 · Exploits 2

Tenable Nessus · added 2024/09/02 12:00 a.m. · 16 views

Debian dla-3862 : calibre - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3862 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3862-1 [email protected]...

CVSS 7.5 · AI score 7.3 · EPSS 0.04986 · Exploits 2 · References 6

CNNVD · added 2024/07/07 12:00 a.m. · 7 views

Devika Cross-Site Scripting Vulnerability

Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches relevant information, and writes code to achieve a given goal. Devika suffers from a cross-site scripting vulnerability that stems from improper...

CVSS 8.1 · AI score 6.2 · EPSS 0.00477 · Exploits 1 · References 4

Positive Technologies · added 2024/06/25 12:00 a.m. · 4 views

PT-2024-22599 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p7; Checkmk versions prior to 2.2.0p28. Description: The issue allows users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. This is a...

CVSS 5.4 · AI score 6.5 · EPSS 0.00343 · Exploits 0 · References 6

Veracode · added 2024/05/24 7:45 a.m. · 11 views

Cross Site Scripting (XSS)

silverstripe/cms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper escaping of HTML input in the text fields of pages referred to by VirtualPage, which allows an attacker to inject and execute arbitrary JavaScript in the browser...

AI score 6.8 · Exploits 0

OSV · added 2024/03/15 8:15 p.m. · 3 views

DEBIAN-CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...

CVSS 5.3 · AI score 6.5 · EPSS 0.01854 · Exploits 0 · References 1