Lucene search (5968 matches found)

RedhatCVE · added 2025/05/07 6:25 p.m.

CVE-2025-4318

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...

CVSS 9.5 · AI score 7 · EPSS 0.01003 · Exploits 0 · References 1
NVD · added 2025/05/07 6:15 p.m.

CVE-2025-46824

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...

CVSS 3.1 · EPSS 0.00267 · Exploits 0 · References 4
Positive Technologies · added 2025/05/07 12:00 a.m.

PT-2025-20284 · Discourse · Discourse Code Review Plugin

Name of the Vulnerable Software and Affected Versions: Discourse Code Review Plugin versions prior to commit eed3a80. Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This is a problem with the Discourse Code...

CVSS 3.1 · AI score 7 · EPSS 0.00267 · Exploits 0 · References 10
Github Security Blog · added 2025/05/05 8:40 p.m.

league/commonmark contains an XSS vulnerability in the Attributes extension

Summary: A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library, versions 1.5.0 through 2.6.x, allows remote attackers to insert malicious JavaScript calls into the rendered HTML. Details: The league/commonmark library provides configuration options such as html_input:...

CVSS 6.4 · AI score 5.3 · EPSS 0.00287 · Exploits 0 · References 4 · Affected software 1
NVD · added 2025/05/05 7:15 p.m.

CVE-2025-4318

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...

CVSS 9.5 · EPSS 0.01003 · Exploits 0 · References 5
OSV · added 2025/05/05 6:50 p.m.

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVSS 6.4 · AI score 6.8 · EPSS 0.00431 · Exploits 1 · References 5
OSV · added 2025/05/05 6:45 p.m.

CVE-2025-46571 Open WebUI vulnerable to limited stored XSS via uploaded HTML file

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low-privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...

CVSS 6.3 · AI score 6.9 · EPSS 0.00288 · Exploits 1 · References 5
CNNVD · added 2025/05/05 12:00 a.m.

Amplify Codegen UI security vulnerability

Amplify Codegen UI is an open-source AWS Amplify code generator that produces React components for use in AWS Amplify projects. A security vulnerability exists in Amplify Codegen UI that stems from a lack of input validation for AWS Amplify Studio UI component property expressions, which could lead to the executi...

CVSS 9.5 · AI score 8.7 · EPSS 0.01003 · Exploits 0 · References 2
RedhatCVE · added 2025/05/03 2:48 p.m.

CVE-2024-11390

Unrestricted upload of a file with a dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...

CVSS 5.4 · AI score 6.6 · EPSS 0.0027 · Exploits 0 · References 1
RedhatCVE · added 2025/05/02 9:16 p.m.

CVE-2022-27562

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html files and execution of unsafe JavaScript in deployed applications...

CVSS 4.6 · AI score 7.1 · EPSS 0.00218 · Exploits 0 · References 3
RedhatCVE · added 2025/05/02 9:16 p.m.

CVE-2022-42449

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html files and execution of unsafe JavaScript in deployed applications...

CVSS 4.6 · AI score 7.1 · EPSS 0.00218 · Exploits 0 · References 3
RedhatCVE · added 2025/05/02 7:20 p.m.

CVE-2025-46558

XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions from 8.2 up to but not including 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown syntax, it's possible for...

CVSS 9 · AI score 5.9 · EPSS 0.00392 · Exploits 1 · References 1
NVD · added 2025/05/02 6:15 a.m.

CVE-2025-47201

In Intrexx Portal Server before 12.0.4, multiple Velocity scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS...

CVSS 5.4 · EPSS 0.00186 · Exploits 0 · References 1
CVE · added 2025/05/02 12:00 a.m.

CVE-2025-47201

CVE-2025-47201 affects Intrexx Portal Server prior to 12.0.4. The issue stems from multiple Velocity scripts that may execute unrequested JavaScript in HTML, enabling a cross-site scripting (XSS) condition. Exploitation details are not provided in the documents. Remediation: update to version 12....

CVSS 5.4 · AI score 7.2 · EPSS 0.00186 · Exploits 0 · References 1 · Affected software 1
Vulnrichment · added 2025/05/02 12:00 a.m.

CVE-2025-47201

In Intrexx Portal Server before 12.0.4, multiple Velocity scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS...

CVSS 4.4 · AI score 7.1 · EPSS 0.00186 · Exploits 0 · References 1
Tenable Nessus · added 2025/05/02 12:00 a.m.

RabbitMQ < 3.13.8 / 4.0.x < 4.0.3 XSS (GHSA-g58g-82mw-9m3p)

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify a virtual host name on disk and then make it unrecoverable; combined with other on-disk file modifications, this can lead to arbitrary JavaScript code execution in the browsers of...

CVSS 6.1 · AI score 6.8 · EPSS 0.00203 · Exploits 0 · References 2
RedhatCVE · added 2025/05/01 4:18 p.m.

CVE-2025-40616

Reflected cross-site scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

CVSS 5.1 · AI score 5.9 · EPSS 0.00194 · Exploits 0 · References 3
NVD · added 2025/05/01 2:15 p.m.

CVE-2024-11390

Unrestricted upload of a file with a dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...

CVSS 5.4 · EPSS 0.0027 · Exploits 0 · References 1
OSV · added 2025/05/01 2:15 p.m.

CVE-2024-11390

Unrestricted upload of a file with a dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...

CVSS 5.4 · AI score 6.9 · Exploits 0 · References 1
CVE · added 2025/05/01 1:11 p.m.

CVE-2024-11390

Kibana is affected by CVE-2024-11390: an Unrestricted Upload of a File with a Dangerous Type can lead to arbitrary JavaScript execution (XSS) in a victim’s browser via crafted HTML/JavaScript files. This requires access to the Synthetics app or write access to synthetics indices. Affected version...

CVSS 5.4 · AI score 5.5 · EPSS 0.0027 · Exploits 0 · References 1 · Affected software 1
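Several entries in this result set (Kibana CVE-2024-11390, HCL Domino Volt CVE-2022-27562 and CVE-2022-42449, Open WebUI CVE-2025-46571) share one shape: a user with limited privileges uploads an .html or script-bearing file, the application later serves it inline from its own origin, and the victim's browser executes it as XSS. The Python below is an added example, not code from any of those projects, showing the server-side check a practitioner would put in front of a file-serving endpoint: classify the stored upload by extension, declared MIME type and a content sniff of the first bytes, and force anything that could be active content to download as application/octet-stream with nosniff and a sandboxing CSP rather than render. The extension and MIME allowlists, the `ServePolicy` shape and the sample uploads are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Extensions a browser treats as active content when served inline with a
# matching Content-Type. (Illustrative list, not taken from any advisory.)
ACTIVE_EXTENSIONS = {"html", "htm", "xhtml", "shtml", "svg", "js", "mjs",
                     "xml", "xsl", "xslt"}

# Declared MIME types that are active regardless of the file name.
ACTIVE_MIME_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                     "text/xml", "application/xml", "text/javascript",
                     "application/javascript"}

# The only types this example serves inline; everything else is downloaded.
INLINE_SAFE = {"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg",
               "gif": "image/gif", "webp": "image/webp", "txt": "text/plain",
               "csv": "text/plain", "json": "application/json"}

# Sniff for markup at the start of the body (after an optional BOM and
# whitespace) so a "photo.png" that is really HTML or SVG is still caught.
_MARKUP_PREFIX = re.compile(
    rb"^(?:\xef\xbb\xbf)?\s*<(?:!doctype|html|head|body|script|svg|iframe|\?xml|meta)",
    re.I)
# Markers of executable content anywhere in a text body.
_SCRIPT_MARKERS = re.compile(
    rb"<script\b|<svg\b|<iframe\b|\son[a-z]+\s*=|javascript:", re.I)


@dataclass
class ServePolicy:
    content_type: str
    disposition: str              # "inline" or "attachment"
    headers: dict = field(default_factory=dict)
    reason: str = ""


def safe_filename(name: str) -> str:
    """Strip path components and any character that could break the
    Content-Disposition header value."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return re.sub(r"[^A-Za-z0-9._-]", "_", base) or "download"


def contains_script_markers(data: bytes) -> bool:
    """Cheap triage: does the body carry script tags, event handlers or
    javascript: URLs? Useful for logging and alerting, not as the only control."""
    return bool(_SCRIPT_MARKERS.search(data))


def classify_upload(filename: str, data: bytes, declared_type: str = "") -> ServePolicy:
    """Decide how a stored upload may be served back to a browser."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared = declared_type.split(";", 1)[0].strip().lower()
    name = safe_filename(filename)
    common = {
        "X-Content-Type-Options": "nosniff",   # browser must not re-sniff the type
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    if ext in ACTIVE_EXTENSIONS or declared in ACTIVE_MIME_TYPES:
        reason = "active content type"
    elif _MARKUP_PREFIX.match(data[:512]):
        reason = "body sniffs as markup"
    elif ext not in INLINE_SAFE:
        reason = "type not in inline allowlist"
    else:
        return ServePolicy(INLINE_SAFE[ext], "inline",
                           {**common, "Content-Disposition": f'inline; filename="{name}"'},
                           "allowlisted type")
    # Anything that could execute in the browser is downloaded, never rendered.
    return ServePolicy("application/octet-stream", "attachment",
                       {**common, "Content-Disposition": f'attachment; filename="{name}"'},
                       reason)


if __name__ == "__main__":
    # Constructed sample uploads, not real files from any advisory.
    samples = [
        ("report.html", b"<html><script>alert(document.cookie)</script></html>", "text/html"),
        ("photo.png", b"<svg onload=alert(1)></svg>", "image/png"),
        ("photo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR", "image/png"),
    ]
    for fn, body, ct in samples:
        p = classify_upload(fn, body, ct)
        print(f"{fn:12} -> {p.disposition:10} {p.content_type:28} ({p.reason})")
```

The policy object is what the download endpoint translates into response headers. Even with this check in place, the durable fix for this class of bug is to serve user uploads from a separate origin (a dedicated download host) so that an inline render can never run with the application's cookies and session.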