Lucene search
K

5663 matches found

EUVD
EUVD
added 2026/05/27 8:48 a.m.12 views

EUVD-2026-32155

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:35 a.m.10 views

EUVD-2025-209955

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:34 a.m.14 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:28 p.m.10 views

CVE-2026-45435

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

6.5CVSS5.8AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

WordPress plugin WP Activity Log 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.7AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 1:16 p.m.13 views

CVE-2026-24573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 12:31 a.m.12 views

EUVD-2026-30997

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Orejime allows Cross-Site Scripting XSS. This issue affects Orejime: from 0.0.0 before 2.0.16...

5.8AI score0.00196EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/20 12:31 a.m.12 views

Drupal core allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

6.1CVSS5.4AI score0.00201EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/19 11:16 p.m.12 views

CVE-2026-6367

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

6.1CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 11:16 p.m.17 views

CVE-2026-6871

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

6.1CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 11:16 p.m.19 views

CVE-2026-8493

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

5.4CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 10:28 p.m.9 views

CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

5.8AI score0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:27 p.m.9 views

CVE-2026-6365

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

5.8AI score0.00238EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/19 10:26 p.m.21 views

CVE-2026-6095

The CVE-2026-6095 issue affects Orejime (0.0.0 to 2.0.15) and is a Cross-site Scripting (XSS) vulnerability caused by Improper Neutralization of Input During Web Page Generation, specifically the IframeConsent element writing HTML attributes without escaping. This can allow malicious input to inj...

6.1CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 9:22 a.m.11 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS7.3AI score0.09917EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/18 8:54 a.m.9 views

CVE-2026-7498 Stored XSS in Basamak Informatics' DernekWeb

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 8:54 a.m.20 views

CVE-2026-7498

CVE-2026-7498 describes a Stored XSS in DernekWeb (Basamak Information Technology Consulting and Organization Trade Ltd. Co.) caused by improper neutralization of input during web page generation. Affected: DernekWeb up to 30122025. CVSSv3.1: 8.8 (HIGH) with NETWORK attack, NO privileges, UI requ...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 12:0 a.m.14 views

EUVD-2026-30782

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...

6.1CVSS5.8AI score0.00195EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.11 views

PT-2026-41708

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...

5.8AI score0.00195EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.43 views

CVE-2026-29965

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...

0.00195EPSS
Exploits1References3
Rows per page
Query Builder