59103 matches found

RedhatCVE
added 2025/10/22 6:18 p.m., 8 views

CVE-2025-12031

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 5.3, AI score 7, EPSS 0.0019
Exploits: 0, References: 1
Snyk
added 2025/10/22 3:51 p.m., 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of reserved data attributes in the Sanitizer::validateAttributes function. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious scripts...

CVSS 3.7, AI score 5.5, EPSS 0.00267
Exploits: 0, References: 2
OSV
added 2025/10/22 9:15 a.m., 6 views

CVE-2025-11952

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 6.1, AI score 5.9, EPSS 0.00177
Exploits: 0, References: 1
CVE
added 2025/10/22 8:22 a.m., 11 views

CVE-2025-11952

CVE-2025-11952 describes a stored XSS in Oct8ne Chatbot v2.3. The flaw arises from input validation failure when creating a mail transcript via /Records/SendSummaryMail, allowing injected JavaScript to run in a victim's browser. Impact stated: potential theft of sensitive data (e.g., session cook...

CVSS 6.1, AI score 5.9, EPSS 0.00177
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/10/22 2:1 a.m., 5 views

MAL-2025-48552 Malicious code in tailwindcss-awesomefont (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85ee9e62f66e09344e931a1854ac52622771856fda95ece5f148374cc50b406b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
RedhatCVE
added 2025/10/22 12:11 a.m., 10 views

CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

CVSS 8.9, AI score 6.2, EPSS 0.00282
Exploits: 0, References: 1
RedhatCVE
added 2025/10/22 12:11 a.m., 7 views

CVE-2025-60506

Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary JavaScript payloads into a comment. When any other user (Student, Teacher, or Admin) views the annotated PD...

CVSS 5.4, AI score 5.9, EPSS 0.00197
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/22 12:0 a.m., 5 views

TencentOS Server 3: firefox (TSSA-2025:0792)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0792 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.8, AI score 8.1, EPSS 0.0053
Exploits: 0, References: 6
Github Security Blog
added 2025/10/21 9:33 p.m., 8 views

Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

CVSS 6.9, AI score 5.9, EPSS 0.00224
Exploits: 0, References: 6, Affected Software: 1
RedhatCVE
added 2025/10/21 8:29 p.m., 12 views

CVE-2025-62528

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

CVSS 5.4, AI score 6.7, EPSS 0.00161
Exploits: 0, References: 1
NVD
added 2025/10/21 7:21 p.m., 3 views

CVE-2025-61255

Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection...

CVSS 6.1, EPSS 0.00224
Exploits: 0, References: 2
NVD
added 2025/10/21 7:21 p.m., 5 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1, EPSS 0.00242
Exploits: 2, References: 2
NVD
added 2025/10/21 6:15 p.m., 11 views

CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

CVSS 8.9, EPSS 0.00282
Exploits: 0, References: 4
OSV
added 2025/10/21 6:15 p.m., 4 views

CVE-2025-12031

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 5.3, AI score 5.8, EPSS 0.0019
Exploits: 0, References: 1
Cvelist
added 2025/10/21 6:12 p.m., 10 views

CVE-2025-62249

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

CVSS 6.9, EPSS 0.00224
Exploits: 0, References: 1
Vulnrichment
added 2025/10/21 6:12 p.m., 1 views

CVE-2025-62249

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

CVSS 6.9, AI score 5.5, EPSS 0.00224
Exploits: 0, References: 1
EUVD
added 2025/10/21 5:22 p.m., 8 views

EUVD-2025-35196

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 5.3, AI score 6.4, EPSS 0.0019
Exploits: 0, References: 2
Cvelist
added 2025/10/21 5:22 p.m., 7 views

CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 5.3, EPSS 0.0019
Exploits: 0, References: 1
CVE
added 2025/10/21 5:22 p.m., 13 views

CVE-2025-12031

The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...

CVSS 5.3, AI score 6.6, EPSS 0.0019
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/10/21 6:16 a.m., 2 views

EUVD-2025-35142

Malicious code in bcrypt-js-edge (npm)...

AI score 6.6
Exploits: 0, References: 1