Lucene search
K

857 matches found

osv
osv
added 2026/02/10 6:16 p.m.10 views

CVE-2026-21516

Improper neutralization of special elements used in a command 'command injection' in Github Copilot allows an unauthorized attacker to execute code over a network...

7.8CVSS5.9AI score0.0081EPSS
Exploits0References1
euvd
euvd
added 2026/02/04 8:25 p.m.5 views

EUVD-2026-5337

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting XSS.This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...

4.8CVSS5.3AI score0.00142EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/04 1:20 p.m.5 views

CVE-2025-8589

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AKCE Software Technology R Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects SKSPro: through 07012026...

7.6CVSS5.3AI score0.00258EPSS
Exploits0References1
nvd
nvd
added 2026/02/04 8:16 a.m.8 views

CVE-2026-1819

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS. This issue affects ViPort: through 23012026...

8.8CVSS0.00322EPSS
Exploits0References2
nvd
nvd
added 2026/02/03 1:15 a.m.5 views

CVE-2025-11261

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

6.1CVSS0.00225EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/03 1:4 a.m.5 views

CVE-2025-61655

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js,...

5.2AI score0.00144EPSS
Exploits0References2
nvd
nvd
added 2026/01/28 8:16 p.m.21 views

CVE-2025-13983

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.44...

5.4CVSS0.00136EPSS
Exploits0References1
cve
cve
added 2026/01/28 8:2 p.m.16 views

CVE-2025-13983

Summary of CVE-2025-13983 (Drupal Tagify XSS) A Cross-Site Scripting vulnerability affects the Drupal Tagify module, specifically Tagify up to version 1.2.43 (i.e., before 1.2.44). The root cause is improper neutralization of input during web page generation, which can allow attackers to inject s...

5.4CVSS5.9AI score0.00136EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/01/28 8:1 p.m.5 views

CVE-2025-13981

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS.This issue affects AI Artificial Intelligence: from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4...

5.9AI score0.00118EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/01/28 7:16 p.m.7 views

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

6.1CVSS0.00204EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/01/28 6:56 p.m.3 views

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/01/28 12:0 a.m.10 views

PT-2026-5202

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.44 Description A flaw exists in Drupal Tagify that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially...

5.4CVSS5.4AI score0.00136EPSS
Exploits0References6
cvelist
cvelist
added 2026/01/27 9:1 a.m.33 views

CVE-2026-24824 A XSS in yacy/yacy_search_server

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS0.00318EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/27 9:1 a.m.4 views

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS5.9AI score0.00318EPSS
Exploits0References2
cve
cve
added 2026/01/27 9:1 a.m.13 views

CVE-2026-24824

CVE-2026-24824 affects the YaCy yacy_search_server component, specifically the YaCyDefaultServlet.Java handlers under source/net/yacy/http/servlets. The issue is an improper neutralization of input during web page generation, i.e., an XSS vulnerability. CVSS metrics indicate a MEDIUM base score (...

6.9CVSS5.9AI score0.00318EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/22 4:51 p.m.4 views

CVE-2025-67960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...

7.1CVSS5.3AI score0.0023EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/22 4:51 p.m.2 views

CVE-2025-67952

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through 5.6.2...

7.1CVSS5.3AI score0.0023EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/01/22 12:0 a.m.11 views

PT-2026-4256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress Course Review: from n/a through = 4.1.9...

5.4AI score0.00133EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/01/14 12:0 a.m.6 views

Drupal Flag 安全漏洞

Drupal Flag is a markup creation module for the Drupal community. A security vulnerability exists in Drupal Flag versions 7.X-3.0 through 7.X-3.9, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...

5.4CVSS6AI score0.00175EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/01/10 5:41 a.m.4 views

CVE-2025-68867

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through = 1.2.1...

6.5CVSS5.9AI score0.00168EPSS
Exploits0References1
Rows per page
Query Builder