Lucene search
K

91 matches found

Cvelist
Cvelist
added 2026/07/06 10:16 a.m.32 views

CVE-2025-8591 Reflected Cross-Site Scripting via URL Parameter in Multiple WSO2 Products Enables UI Modification

The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...

6.1CVSS0.00161EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 7:37 p.m.6 views

CVE-2025-71385 Netdata < 2.3.1 - Reflected Cross-Site Scripting via love Parameter in ilove.svg Endpoint

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

5.1CVSS5.9AI score0.0024EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

6.1CVSS0.00224EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:11 a.m.8 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

4.7CVSS5.8AI score0.00224EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 1:11 a.m.8 views

EUVD-2026-39605

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

4.7CVSS5.8AI score0.00224EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 1:11 a.m.42 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

4.7CVSS0.00224EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52652

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing sanitisation issue exists in the stats-video.php script. The construction of URLs to this script does not follow best practices, and the output of the...

6.1CVSS5.7AI score0.00224EPSS
Exploits1References7
CVE
CVE
added 2026/06/22 6:0 a.m.13 views

CVE-2026-4259

The CVE-2026-4259 entry concerns the Ultimate WooCommerce Auction Pro WordPress plugin (

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3319

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS5.8AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.10 views

CVE-2024-10242

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...

6.1CVSS5.5AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.10 views

CVE-2026-29964

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.2AI score0.00244EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/18 12:0 a.m.14 views

EUVD-2026-30784

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.1CVSS6.2AI score0.00244EPSS
Exploits1References3
CVE
CVE
added 2026/05/17 12:11 p.m.17 views

CVE-2018-25331

CVE-2018-25331 affects Zenar Content Management System. The vulnerability is a Cross-Site Scripting (XSS) in the ajax.php endpoint, where unsanitized user input is reflected in the response. Exploitation is possible via POST parameters (notably the current_page parameter), enabling unauthenticate...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2026-29057

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 2:26 p.m.32 views

CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS0.00318EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.10 views

PT-2026-39619

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs at endpoints/product...

5.1CVSS5.9AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs in HTML output,...

5.1CVSS5.9AI score0.00318EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39618

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 7:34 p.m.11 views

FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. Details The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified...

3.9CVSS5.9AI score0.00104EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder