59102 matches found

EUVD
added 2025/10/23 9:31 p.m. | 4 views

EUVD-2025-35718

Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON...

CVSS 7.5 | AI score 6.3 | EPSS 0.00517
Exploits: 0 | References: 4
OSV
added 2025/10/23 9:31 p.m. | 4 views

GHSA-WVV5-5G6X-HP7J MCMS reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...

CVSS 6.1 | AI score 6 | EPSS 0.00223
Exploits: 0 | References: 5
EUVD
added 2025/10/23 9:31 p.m. | 4 views

EUVD-2025-35713

MCMS reflected cross-site scripting (XSS) vulnerability...

CVSS 6.1 | AI score 5.3 | EPSS 0.00223
Exploits: 0 | References: 5
Snyk
added 2025/10/23 9:31 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization. An attacker can execute arbitrary JavaScript code in the context of a user's browser by tricking a user into clicking a crafted link or submitting a malicious payload. Details...

CVSS 6.1 | AI score 5.3 | EPSS 0.00223
Exploits: 0 | References: 2
Github Security Blog
added 2025/10/23 9:31 p.m. | 7 views

MCMS reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...

CVSS 6.1 | AI score 6 | EPSS 0.00223
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2025/10/23 8:31 p.m. | 7 views

EUVD-2025-35708

rollbar vulnerable to Prototype Pollution in merge...

CVSS 5.9 | AI score 6.4 | EPSS 0.00358
Exploits: 0 | References: 6
IBM Security Bulletins
added 2025/10/23 8:18 p.m. | 4 views

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Symphony with Node.js

Summary: Multiple vulnerabilities in IBM Spectrum Symphony with Node.js. Vulnerability Details: CVEID: CVE-2024-27982. DESCRIPTION: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling...

CVSS 8.2 | AI score 7.7 | EPSS 0.87211
Exploits: 1 | Affected Software: 1
OSV
added 2025/10/23 7:46 p.m. | 2 views

MAL-2025-48869 Malicious code in skiko-wasm-js (npm)

AI score 7
Exploits: 0
RedhatCVE
added 2025/10/23 7:16 p.m. | 4 views

CVE-2025-62248

A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

CVSS 4.8 | AI score 6 | EPSS 0.00216
Exploits: 0 | References: 1
OSV
added 2025/10/23 7:15 p.m. | 3 views

CVE-2025-60837

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...

CVSS 6.1 | AI score 5.9 | EPSS 0.00223
Exploits: 0 | References: 3
OSV
added 2025/10/23 10:15 a.m. | 7 views

CVE-2025-9981

QuickCMS is vulnerable to multiple Stored XSS in the slider editor functionality (sliders-form). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed on every page. By default, the admin user is not able to add JavaScript into the website. T...

CVSS 4.8 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/23 9:37 a.m. | 3 views

CVE-2025-9981 Multiple Stored XSS in QuickCMS

QuickCMS is vulnerable to multiple Stored XSS in the slider editor functionality (sliders-form). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed on every page. By default, the admin user is not able to add JavaScript into the website. T...

CVSS 4.8 | AI score 5.9 | EPSS 0.00176
Exploits: 0 | References: 2
CVE
added 2025/10/23 9:37 a.m. | 13 views

CVE-2025-9980

CVE-2025-9980 describes a Stored XSS vulnerability in QuickCMS, specifically in the page editor (pages-form). The issue allows a malicious actor with admin privileges to inject arbitrary HTML/JavaScript that is rendered/executed when visiting the edited page. The public material notes that only v...

CVSS 4.8 | AI score 6 | EPSS 0.00176
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/10/23 12:00 a.m. | 4 views

Open Solution QuickCMS cross-site scripting vulnerability

Open Solution QuickCMS is an Open Solution open source content management system. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from multiple stored cross-site scripting vulnerabilities in the slider editor feature, which could lead to the injectio...

CVSS 4.8 | AI score 6.3 | EPSS 0.00176
Exploits: 0 | References: 2
CNNVD
added 2025/10/23 12:00 a.m. | 5 views

MingSoft MCMS security vulnerability

MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v6.0.1, which originates from reflective cross-site scripting and could lead to an attacker executing arbitrary Javascript in a user's browser environment...

CVSS 6.1 | AI score 5.9 | EPSS 0.00223
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/23 12:00 a.m. | 4 views

PT-2025-43542

Name of the Vulnerable Software and Affected Versions: MCMS version 6.0.1. Description: A reflected cross-site scripting (XSS) issue exists in MCMS version 6.0.1. This allows attackers to execute arbitrary JavaScript in the context of a user’s browser through a crafted payload. The attack vector...

CVSS 6.1 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 13
CVE
added 2025/10/23 12:00 a.m. | 10 views

CVE-2025-60837

MCMS v6.0.1 is affected by a reflected XSS vulnerability (CVE-2025-60837). The issue enables an attacker to execute arbitrary JavaScript in a user’s browser via a crafted payload. The CVE entry lists CVSS v3.1 base metrics: AV:N, AC:L, PR:N, UI:R, S:C, C:L, I:L, A:N, with a base score of 6.1 (Med...

CVSS 6.1 | AI score 5.6 | EPSS 0.00223
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2025/10/22 9:31 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the definition parameter of the Dynamic Data Mapping portlet. An authenticated attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious request and tricking a...

CVSS 4.8 | AI score 5.2 | EPSS 0.00216
Exploits: 0 | References: 2
RedHat Linux
added 2025/10/22 7:56 p.m. | 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.5 | EPSS 0.0021
Exploits: 0 | References: 6
RedhatCVE
added 2025/10/22 6:18 p.m. | 8 views

CVE-2025-12031

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the JavaScript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 5.3 | AI score 7 | EPSS 0.0019
Exploits: 0 | References: 1