59103 matches found

RedhatCVE
added 2025/10/21 12:23 a.m., 11 views

CVE-2025-61417

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...

8.8 CVSS, 6.1 AI score, 0.00546 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2025/10/21 12:0 a.m., 5 views

Node.js Express DevMode Enabled

Node.js Express installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Express, Node.js. No source dat...

6.7 AI score
Exploits: 0, References: 1
CNNVD
added 2025/10/21 12:0 a.m., 4 views

Moodle GeniAI plugin Security Vulnerability

Moodle GeniAI plugin is a large modeling plugin for Moodle open source. A security vulnerability exists in Moodle GeniAI plugin version 2.3.6, which stems from an uncleaned JavaScript embedded in PDF files and could lead to a cross-site scripting attack...

8.9 CVSS, 6 AI score, 0.00282 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2025/10/21 12:0 a.m., 3 views

CVE-2025-61255

Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection...

5.1 AI score, 0.00224 EPSS
Exploits: 0, References: 2
CVE
added 2025/10/21 12:0 a.m., 10 views

CVE-2025-61255

CVE-2025-61255 is a cross-site scripting (XSS) vulnerability affecting the Bank Locker Management System by PHPGurukul, exploitable through the /search parameter where unsanitized input allows arbitrary HTML/JavaScript injection. This can lead to information disclosure and user redirection. The i...

6.1 CVSS, 5.1 AI score, 0.00224 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2025/10/21 12:0 a.m., 12 views

CVE-2025-60507

CVE-2025-60507 describes a cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) version 2.3.6. An authenticated user with the Teacher role can upload a PDF containing embedded JavaScript. The system outputs a direct HTML link to the uploaded file without sanitization, enablin...

8.9 CVSS, 5.9 AI score, 0.00282 EPSS
Exploits: 0, References: 4
CVE
added 2025/10/21 12:0 a.m., 38 views

CVE-2025-56800

The vulnerability CVE-2025-56800 affects Reolink Desktop Application version 8.18.12. Local authentication can be bypassed because lock screen logic runs in client-side JavaScript within the Electron bundle, exposing the password via a.settingsManager.lockScreenPassword. An attacker with local ac...

5.1 CVSS, 6.3 AI score, 0.00242 EPSS
Exploits: 2, References: 2, Affected Software: 1
EUVD
added 2025/10/21 12:0 a.m., 12 views

EUVD-2025-35200

Cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

8.9 CVSS, 5.7 AI score, 0.00282 EPSS
Exploits: 0, References: 7
CNNVD
added 2025/10/21 12:0 a.m., 12 views

GI-DocGen Cross-Site Scripting Vulnerability

GI-DocGen is an open source document generation library for GNOME. GI-DocGen suffers from a cross-site scripting vulnerability that stems from susceptibility to cross-site scripting attacks that could lead to the execution of JavaScript code in a web environment...

6.1 CVSS, 5.8 AI score, 0.00337 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/21 12:0 a.m., 4 views

EUVD-2025-35227

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

5.1 CVSS, 6.2 AI score, 0.00242 EPSS
Exploits: 2, References: 2
Cvelist
added 2025/10/21 12:0 a.m., 14 views

CVE-2025-60507

Cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

8.9 CVSS, 0.00282 EPSS
Exploits: 0, References: 4
Snyk
added 2025/10/20 8:42 p.m., 3 views

Cross-site Scripting (XSS)

Overview: taguette is a free and open source qualitative research tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...

5.4 CVSS, 5.5 AI score, 0.00161 EPSS
Exploits: 0, References: 2
OSV
added 2025/10/20 8:15 p.m., 7 views

PYSEC-2025-188

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

5.4 CVSS, 5.7 AI score, 0.00161 EPSS
Exploits: 0, References: 2
PyPA
added 2025/10/20 8:15 p.m., 9 views

PYSEC-2025-188

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

5.4 CVSS, 5.7 AI score, 0.00161 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2025/10/20 8:15 p.m., 4 views

CVE-2025-62528

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

5.4 CVSS, 0.00161 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/20 8:3 p.m., 3 views

EUVD-2025-35096

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

5.4 CVSS, 6.2 AI score, 0.00161 EPSS
Exploits: 0, References: 3
CVE
added 2025/10/20 8:3 p.m., 13 views

CVE-2025-62528

CVE-2025-62528 affects Taguette

5.4 CVSS, 6.3 AI score, 0.00161 EPSS
Exploits: 0, References: 2, Affected Software: 1
RedHat Linux
added 2025/10/20 7:14 p.m., 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

6.5 CVSS, 6.5 AI score, 0.0021 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2025/10/20 7:6 p.m., 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

6.5 CVSS, 6.5 AI score, 0.0021 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/20 3:33 p.m., 6 views

EUVD-2025-31060

rollbar vulnerable to prototype pollution...

7.5 CVSS, 6.3 AI score, 0.00365 EPSS
Exploits: 0, References: 7