Lucene search
K

5968 matches found

Cvelist
Cvelist
added 2025/05/01 1:11 p.m.11 views

CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS

Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser XSS via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...

5.4CVSS0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/01 5:12 a.m.23 views

CVE-2025-46338

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...

6.9CVSS6AI score0.00292EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.4 views

PT-2025-18389 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types, potentially leading to arbitrary JavaScript execution in a victim's browser, resulting in a cross-site scripting X...

5.4CVSS5.3AI score0.0027EPSS
Exploits0References6
NVD
NVD
added 2025/04/30 9:15 p.m.23 views

CVE-2022-42449

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...

5.4CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added 2025/04/30 9:15 p.m.16 views

CVE-2022-27562

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...

5.4CVSS0.00218EPSS
Exploits0References1
OSV
OSV
added 2025/04/30 9:15 p.m.7 views

CVE-2022-27562

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...

5.4CVSS5.9AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/30 9:1 p.m.23 views

CVE-2022-42449 HCL Domino Volt is affected by an unrestricted upload of a dangerous file type

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...

4.6CVSS0.00218EPSS
Exploits0References1
CVE
CVE
added 2025/04/30 9:1 p.m.53 views

CVE-2022-42449

CVE-2022-42449 affects HCL Domino Volt. The root cause is an unsafe default file-type filtering policy that allows uploading .html files, enabling execution of unsafe JavaScript in deployed applications. Documents consistently describe the issue but do not provide a confirmed patch version or rem...

5.4CVSS7.2AI score0.00218EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/30 8:54 p.m.19 views

CVE-2022-27562 HCL Domino Volt is affected by an unrestricted upload of a dangerous file type

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...

4.6CVSS0.00218EPSS
Exploits0References1
CVE
CVE
added 2025/04/30 8:54 p.m.57 views

CVE-2022-27562

CVE-2022-27562 is reported across multiple sources as a vulnerability in HCL Domino Volt caused by an unsafe default file-type filtering policy. This policy allows uploading of .html files and the execution of unsafe JavaScript in deployed applications, without publicly documented a fix in the co...

5.4CVSS5AI score0.00218EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/04/30 7:15 p.m.43 views

CVE-2025-46558

XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting XSS through HTML. In particular, using Markdown syntax, it's possible for...

9CVSS0.00392EPSS
Exploits1References3
OSV
OSV
added 2025/04/30 4:53 p.m.25 views

GHSA-8G2J-RHFH-HQ3R org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content

Impact The Markdown syntax is vulnerable to XSS through HTML. In particular, using Markdown syntax, it's possible for any user to embed Javascript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that th...

9CVSS6.1AI score0.00392EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/04/30 12:0 a.m.6 views

PT-2025-18331 · Hcl · Hcl Domino Volt

Name of the Vulnerable Software and Affected Versions: HCL Domino Volt affected versions not specified Description: The issue concerns an unsafe default file type filter policy that allows the upload of .html files, leading to the execution of unsafe JavaScript in deployed applications. This coul...

4.6CVSS6.2AI score0.00218EPSS
Exploits0References5
NVD
NVD
added 2025/04/29 4:15 p.m.13 views

CVE-2025-40616

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

6.1CVSS0.00194EPSS
Exploits0References1
NVD
NVD
added 2025/04/29 4:15 p.m.15 views

CVE-2025-40615

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...

6.1CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/29 3:40 p.m.8 views

CVE-2025-40616 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

5.1CVSS5.6AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2025/04/29 3:40 p.m.54 views

CVE-2025-40616

Bookgy’s CVE-2025-40616 is a reflected XSS in the IDRESERVA parameter of /bkg_imprimir_comprobante.php. The vulnerability arises from unsanitized input reflected in the response, allowing an attacker to execute JavaScript in the victim’s browser. Connected sources confirm the issue but do not spe...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/29 3:40 p.m.19 views

CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...

5.1CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/29 3:40 p.m.9 views

CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...

5.1CVSS5.6AI score0.00194EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/29 2:49 p.m.21 views

YesWiki Stored XSS Vulnerability in Comments

Summary A stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the...

6.3CVSS5AI score0.00276EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder