Lucene search
K

59099 matches found

NVD
NVD
added 2025/10/30 10:15 p.m.7 views

CVE-2024-13993

Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting XSS via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...

6.1CVSS0.00725EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:49 p.m.2 views

CVE-2011-10036 Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the handling of the "backendurl" JavaScript link. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.8AI score0.00405EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:49 p.m.6 views

CVE-2011-10036 Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the handling of the "backendurl" JavaScript link. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS0.00405EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/30 9:30 p.m.5 views

EUVD-2025-37194

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...

5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/30 9:30 p.m.3 views

EUVD-2025-37193

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...

5.8AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 6:15 p.m.8 views

CVE-2025-64112

Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

8CVSS0.00279EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/30 5:38 p.m.3 views

Malicious code in epic-js-error-reporting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2383bd02db4d187842b44f1880e2a0d88e02f54e8dff17c720e4f1f00138c520 The package epic-js-error-reporting was found to contain malicious code...

7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/30 5:13 p.m.6 views

0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), 10t-images-to-pdf (=1.0.3) +13552 more potentially affected by CVE-2025-64118 via tar (>=7.5.1 <=7.5.15)

tar NPM version =7.5.1, =0.1.0-dev.0de2bc6, =0.0.1, =3.1.2, =1.0.1, =4.11.0, =1.0.1, =1.31.1, =2.0.0, =0.1.0, =0.1.0, =1.7.0-beta.7, =0.1.0, =0.1.8 and more Source cves: CVE-2025-64118 Source advisory: SNYK:JS-TAR-13782958...

6.1CVSS6.4AI score0.00128EPSS
Exploits0
OSV
OSV
added 2025/10/30 5:8 p.m.4 views

GHSA-CF57-C578-7JVV Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode

Summary When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...

5.1CVSS6.9AI score0.00473EPSS
Exploits0References5
NVD
NVD
added 2025/10/30 2:15 p.m.7 views

CVE-2025-50739

iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization...

9.8CVSS0.00598EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 11:15 a.m.51 views

CVE-2025-53883

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

9.3CVSS0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/30 10:50 a.m.20 views

CVE-2025-53883 spacewalk-java has various XSS issues on search page

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

9.3CVSS0.00268EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/10/30 2:36 a.m.10 views

Revive Adserver: Stored-XSS in Banner Name field

Version: ==revive-adserver 6.0.0== Summary: A stored Cross-Site Scripting XSS vulnerability exists in the Banner → Name field. An attacker can create or edit a banner with a malicious payload in the Name field; that payload is stored and later executed in the browser of users who were added to th...

5.4CVSS5.2AI score0.0038EPSS
Exploits1
Packet Storm
Packet Storm
added 2025/10/30 12:0 a.m.127 views

📄 LEPTON 7.4.0 Cross Site Scripting

LEPTON version 7.4.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: LEPTON 7.4.0 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya KARABAG Vendor Homepage: https://lepton-cms.org/ Software Link:...

6.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/10/30 12:0 a.m.177 views

📄 WBCE CMS 1.6.4 Cross Site Scripting

WBCE CMS version 1.6.4 suffers from a persistent cross site scripting vulnerability. Exploit Title: WBCE CMS 1.6.4 - Stored Cross-Site Scripting XSS Date: 2025-10-29 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6....

6.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/10/30 12:0 a.m.1 views

CVE-2025-52179

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...

6AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

SUSE多款产品 安全漏洞

SUSE Manager and SUSE Manager Server are both products of SUSE Germany.SUSE Manager is a Linux server management system. The system provides automated software management, system configuration, and monitoring.SUSE Manager Server is an infrastructure management solution designed to simplify and...

9.3CVSS6AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2025/10/30 12:0 a.m.16 views

CVE-2025-52179

CVE-2025-52179 is an XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier. It allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint. Affected software: Zucchetti Ad Hoc Revolution up to versi...

6.1CVSS6AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 12:0 a.m.16 views

CVE-2025-52180

Summary: CVE-2025-52180 is a cross-site scripting (XSS) flaw in Zucchetti Ad Hoc Infinity 4.2 and earlier. The issue arises from an unvalidated pHtmlSource parameter at the endpoint /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource, enabling remote, unauthenticated attackers to inject arbitrary JavaScrip...

6.1CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44398

Name of the Vulnerable Software and Affected Versions Container suse/manager versions prior to 5.0.28-150600.3.36.8 SUSE Manager Server LTS 4.3 versions prior to 4.3.88-150400.3.113.5 Description An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS issue exists, allowing...

9.3CVSS5.9AI score0.00268EPSS
Exploits0References7
Rows per page
Query Builder