59137 matches found

Kaspersky
added 2025/10/14 12:0 a.m. | 4 views

KLA89242 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, and perform cross-site scripting attacks. Below is a complete list of...

CVSS 9.8 | AI score 7.8 | EPSS 0.00465
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/14 12:0 a.m. | 9 views

PT-2025-41968

Name of the Vulnerable Software and Affected Versions: Home Assistant versions 2025.1.0 through 2025.10.1. Description: Home Assistant is home automation software that prioritizes local control and privacy. The energy dashboard is susceptible to stored cross-site scripting. An authenticated user can...

CVSS 5.3 | AI score 6.1 | EPSS 0.00519
Exploits: 0 | References: 3
Github Security Blog
added 2025/10/13 10:11 p.m. | 10 views

LibreNMS is vulnerable to Reflected-XSS in `report_this` function

Summary: Reflected XSS in the `report_this` function in librenms/includes/functions.php. Details: Recently, it was discovered that the `report_this` function had improper filtering: the htmlentities function was incorrectly used in a href environment, which caused the projectissues parameter to trigger an XSS...

CVSS 6.9 | AI score 6.6 | EPSS 0.00226
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2025/10/13 12:31 p.m. | 2 views

GHSA-GXP8-M5RQ-3M38 QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in the attribute table in QGIS QWC2 < 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVSS 6.9 | AI score 6.5 | EPSS 0.00401
Exploits: 0 | References: 3
The Hacker News
added 2025/10/13 11:50 a.m. | 8 views

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the...

AI score 6.8
Exploits: 0
Veracode
added 2025/10/13 10:22 a.m. | 9 views

Remote Code Execution

Flowise is vulnerable to Remote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration in the convertToValidJSONString function, which executes the mcpServerConfig input as JavaScript. An attacker can use this to execute arbitrary Node.js code to run commands or...

CVSS 10 | AI score 8 | EPSS 0.90183
Exploits: 21 | References: 10 | Affected Software: 1
NVD
added 2025/10/13 10:15 a.m. | 2 views

CVE-2025-11184

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <= v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVSS 6.9 | EPSS 0.00398
Exploits: 0 | References: 1
Snyk
added 2025/10/13 9:41 a.m. | 2 views

Cross-site Scripting (XSS)

Overview: qwc2 is a QGIS Web Client. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...

CVSS 6.9 | AI score 5.4 | EPSS 0.00401
Exploits: 0 | References: 3
Cvelist
added 2025/10/13 9:20 a.m. | 7 views

CVE-2025-11184 Cross-Site Scripting Vulnerability in QWC2 Registration GUI

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <= v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVSS 6.9 | EPSS 0.00398
Exploits: 0 | References: 1
CVE
added 2025/10/13 9:20 a.m. | 8 views

CVE-2025-11184

CVE-2025-11184 affects QGIS QWC2 Registration GUI up to version 2025.03.31. It enables an authorized attacker to inject arbitrary JavaScript (XSS) into the page, with potential impact to Confidentiality (High) and Integrity (Low) per CVSS. Remediation: upgrade to a version later than 2025.03.31 (...

CVSS 6.9 | AI score 6.4 | EPSS 0.00398
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/13 9:17 a.m. | 1 view

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in the attribute table in QGIS QWC2 < 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVSS 6.9 | AI score 6.1 | EPSS 0.00401
Exploits: 0 | References: 1
Cvelist
added 2025/10/13 9:17 a.m. | 8 views

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in the attribute table in QGIS QWC2 < 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVSS 6.9 | EPSS 0.00401
Exploits: 0 | References: 1
CVE
added 2025/10/13 9:17 a.m. | 15 views

CVE-2025-11183

CVE-2025-11183. QGIS QWC2’s attribute table is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user input, allowing an authorized attacker to inject and execute arbitrary JavaScript in the user’s browser. Affected version: QWC2

CVSS 6.9 | AI score 6.1 | EPSS 0.00401
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/13 5:29 a.m. | 25 views

CVE-2025-61319

ReNgine through 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

CVSS 6.1 | AI score 5.2 | EPSS 0.0026
Exploits: 1 | References: 1
CNVD
added 2025/10/13 12:0 a.m. | 2 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)

AndSoft e-TMS is logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

CVSS 6.1 | AI score 6.5 | EPSS 0.00181
Exploits: 0 | References: 1
CNVD
added 2025/10/13 12:0 a.m. | 2 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23556)

AndSoft e-TMS is logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

CVSS 6.1 | AI score 6.5 | EPSS 0.00181
Exploits: 0 | References: 1
CNNVD
added 2025/10/13 12:0 a.m. | 2 views

QGIS QWC2 Registration GUI Security Vulnerability

The QGIS QWC2 Registration GUI is an optional application of the Web Front End Client Framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 Registration GUI v2025.03.31 and earlier versions, which originates from an authorized attacker who can plant arbitrary JavaScri...

CVSS 6.9 | AI score 6.2 | EPSS 0.00398
Exploits: 0 | References: 1
CNNVD
added 2025/10/13 12:0 a.m. | 3 views

QGIS QWC2 Security Vulnerability

QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...

CVSS 6.9 | AI score 6 | EPSS 0.00401
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/13 12:0 a.m. | 5 views

PT-2025-41780

Name of the Vulnerable Software and Affected Versions: QGIS QWC2 Registration GUI versions through 2025.03.31. Description: A cross-site scripting issue exists in QGIS QWC2 Registration GUI. An authorized attacker can inject arbitrary JavaScript code into the page. Recommendations: Update QGIS QWC2...

CVSS 6.9 | AI score 6.1 | EPSS 0.00398
Exploits: 0 | References: 3
CNVD
added 2025/10/13 12:0 a.m. | 3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23550)

AndSoft e-TMS is logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

CVSS 6.1 | AI score 6.5 | EPSS 0.00181
Exploits: 0 | References: 1