Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.6 views

CVE-2026-35403

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the surveyaccounts module if a user provid...

6.5CVSS5.7AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 7:25 p.m.12 views

CVE-2026-35403

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the surveyaccounts module if a user provid...

6.5CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:27 p.m.22 views

CVE-2026-35403 LORIS has potential cross-site scripting in survey_accounts module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the surveyaccounts module if a user provid...

6.5CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:27 p.m.3 views

CVE-2026-35403 LORIS has potential cross-site scripting in survey_accounts module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the surveyaccounts module if a user provid...

6.5CVSS5.7AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:27 p.m.6 views

EUVD-2026-20578

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the surveyaccounts module if a user provid...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:27 p.m.17 views

CVE-2026-35403

LORIS (Longitudinal Online Research and Imaging System) is affected by a cross-site scripting (XSS) vulnerability in the survey_accounts module. From version 15.10 up to (but not including) 27.0.3 and 28.0.1, a user-provided invalid visit label can trigger XSS because the response payload is JSON...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.11 views

PT-2026-31429

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the survey accounts module if a user...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References2
Rows per page
Query Builder