
18 matches found

CVE
added 2026/06/05 1:24 p.m. | 22 views

CVE-2026-50235

Affected software: Lyrion Music Server 9.2.0. Vulnerability: reflected XSS in advanced search parameters that fail to sanitize user input before displaying it in search forms. Impact: can execute arbitrary JavaScript in users’ browsers and potentially steal session information. Exploitation/Detai...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00158
Exploits: 2 | References: 2
Positive Technologies
added 2026/06/05 12:0 a.m. | 13 views

PT-2026-46954

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00158
Exploits: 2 | References: 3
EUVD
added 2026/03/30 6:31 p.m. | 4 views

EUVD-2026-17101

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addstock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00321
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/30 12:0 a.m. | 2 views

CVE-2026-30559

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...

AI score: 6 | EPSS: 0.00266
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/30 12:0 a.m. | 6 views

PT-2026-29032

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view supplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script o...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0021
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/30 12:0 a.m. | 5 views

PT-2026-29042

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

AI score: 6 | EPSS: 0.00252
Exploits: 1 | References: 2
RedhatCVE
added 2026/03/28 4:56 a.m. | 4 views

CVE-2026-30569

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewstockavailability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00266
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/27 12:0 a.m. | 1 views

CVE-2026-30571

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewcategory.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00266
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/27 12:0 a.m. | 4 views

PT-2026-28412

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

AI score: 6 | EPSS: 0.00266
Exploits: 1 | References: 2
CVE
added 2025/12/01 12:0 a.m. | 12 views

CVE-2025-63526

The affected product is the Blood Bank Management System (abs.php). The vulnerability is a cross-site scripting (XSS) flaw caused by improper sanitization/encoding of user input before rendering in the response. An attacker can inject malicious JavaScript into the msg parameter, which is executed...

CVSS: 8.5 | AI score: 5.5 | EPSS: 0.0028
Exploits: 1 | References: 3 | Affected Software: 1
Snyk
added 2025/11/20 7:41 a.m. | 1 views

Cross-site Scripting (XSS)

Overview: lightgallery is a lightweight, customizable, modular, responsive, lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient input sanitization and output escaping of attributes. An attacker can execute arbitrary w...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00209
Exploits: 0 | References: 2
OSV
added 2025/09/19 6:15 a.m. | 6 views

CVE-2025-10458

Parameters are not validated or sanitized, and are later used in various internal operations...

CVSS: 7.6 | AI score: 5.5
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:20 a.m. | 3 views

CVE-2023-21410

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00749
Exploits: 0 | References: 1
OSV
added 2022/06/13 1:15 p.m. | 2 views

CVE-2022-1532

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 1
OSV
added 2020/09/04 5:31 p.m. | 9 views

GHSA-QCFF-FFX3-M25C Command Injection in meta-git

All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation: No fix is currently...

AI score: 8.1
Exploits: 0 | References: 2
OSV
added 2020/05/08 12:15 p.m. | 4 views

CVE-2020-12014

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01529
Exploits: 0 | References: 2
OSV
added 2018/03/06 3:29 p.m. | 2 views

CVE-2018-7650

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00548
Exploits: 1 | References: 1
Exploit DB
added 2008/03/25 12:0 a.m. | 46 views

TopperMod 2.0 - SQL Injection

Author: GiReX mySite: girex.altervista.org CMS: TopperMod v2.0 Site: rtcw.ch/mio/index.php Bug: SQL Injection Type: 1 - Privilege Escalation from user to mod 2 - Remote user password change File: /account/index.php Var : $localita Need: magicquotesgpc = Off You must be logged in Vuln Code:...

AI score: 7.4
Exploits: 0