Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/22 4:12 p.m.3 views

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS6AI score0.00031EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/03/13 8:0 p.m.2 views

EUVD-2026-11720

OneUptime: Stored XSS via Mermaid Diagram Rendering securityLevel: "loose"...

7.6CVSS5.8AI score0.00053EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/11 12:13 a.m.4 views

EUVD-2026-10916

Sylius has a XSS vulnerability in checkout login form...

5.3CVSS5.8AI score0.00051EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/09/15 4:43 p.m.7 views

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting XSS vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

5.3CVSS0.00185EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/08/19 12:0 a.m.2 views

Mermaid 跨站脚本漏洞

Mermaid is a mermaid-js open source application. Create charts and visualizations using text and code. A cross-site scripting vulnerability exists in Mermaid versions 10.9.0-rc.1 through 11.9.0, which stems from user-entered sequence diagram tags passed to innerHTML, potentially leading to...

5.3CVSS5.9AI score0.00029EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/05/22 8:6 p.m.5 views

CVE-2021-37700

@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...

6.5CVSS6.3AI score0.00672EPSS
Exploits1References1
RedHat Linux
RedHat Linuxadded 2020/01/16 12:2 p.m.5 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1CVSS7.3AI score0.02423EPSS
Exploits0References5
OSV
OSVadded 2020/01/08 10:15 p.m.2 views

DEBIAN-CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1CVSS6.9AI score0.02423EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2019/09/19 3:45 a.m.3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1CVSS7.2AI score0.00669EPSS
Exploits0References5
Rows per page
Query Builder