5968 matches found

Snyk
added 2025/04/29 2:38 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the showUploadForm method; any malicious unauthenticated user can create a link that can be clicked on in the victim context to perform arbitrary actions. An attacker can execute arbitrary JavaScript code by...

CVSS 7.6 · AI score 5.6 · EPSS 0.00582
Exploits: 1 · References: 2
CVE
added 2025/04/29 11:36 a.m. · 74 views

CVE-2025-3929

CVE-2025-3929 concerns the MDaemon Email Server (versions 25.0.1 and below). The issue is a stored XSS vulnerability where an attacker can send a specially crafted HTML email containing JavaScript in an img tag. When viewed in a webmail client, this could execute arbitrary JavaScript in the user’...

CVSS 6.1 · AI score 5.9 · EPSS 0.00474
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/04/29 4:34 a.m. · 9 views

CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the libraryId field. The...

CVSS 6.9 · AI score 5.8 · EPSS 0.00292
Exploits: 1 · References: 2
OSV
added 2025/04/29 4:34 a.m. · 7 views

CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the libraryId field. The...

CVSS 6.9 · AI score 6.1 · EPSS 0.00292
Exploits: 1 · References: 4
Positive Technologies
added 2025/04/29 12:00 a.m. · 8 views

PT-2025-18174 · Bookgy · Bookgy

Name of the Vulnerable Software and Affected Versions: Bookgy (affected versions not specified). Description: A Reflected Cross-Site Scripting (XSS) issue exists, allowing an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL through the IDRESERVA...

CVSS 5.1 · AI score 5.6 · EPSS 0.00194
Exploits: 0 · References: 5
NVD
added 2025/04/28 3:15 a.m. · 11 views

CVE-2025-3706

The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks...

CVSS 6.1 · EPSS 0.00262
Exploits: 0 · References: 2
CVE
added 2025/04/28 2:39 a.m. · 58 views

CVE-2025-3706

Summary: CVE-2025-3706 affects the eHRMS from 104 Corporation. The vulnerability is a Reflected Cross-Site Scripting flaw that enables unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser via phishing attacks. Affected software: eHRMS (V202412 and prior versions me...

CVSS 6.1 · AI score 6.4 · EPSS 0.00262
Exploits: 0 · References: 2
RedhatCVE
added 2025/04/26 6:07 a.m. · 7 views

CVE-2025-29526

A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the SearchTerm parameter...

CVSS 6.1 · AI score 6.1 · EPSS 0.00202
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/26 12:07 a.m. · 7 views

CVE-2025-32951

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVSS 6.4 · AI score 6.8 · EPSS 0.00291
Exploits: 0 · References: 1
NVD
added 2025/04/24 9:15 p.m. · 19 views

CVE-2022-44760

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...

CVSS 4.6 · EPSS 0.00218
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/24 8:37 p.m. · 7 views

CVE-2022-44760 HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...

CVSS 4.6 · AI score 7.3 · EPSS 0.00218
Exploits: 0 · References: 1
CVE
added 2025/04/24 8:37 p.m. · 54 views

CVE-2022-44760

CVE-2022-44760 concerns HCL Leap, where an unsafe default file type filter policy in Leap permits execution of unsafe JavaScript in deployed applications. The root cause listed is the default file type filtering policy, leading to potential unsafe script execution. Documented impacts indicate unsa...

CVSS 4.6 · AI score 4.9 · EPSS 0.00218
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2025/04/23 5:16 p.m. · 7 views

CVE-2025-29526

A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the SearchTerm parameter...

CVSS 6.1 · EPSS 0.00202
Exploits: 0 · References: 2
CVE
added 2025/04/23 11:36 a.m. · 138 views

CVE-2025-2703

CVE-2025-2703 affects Grafana’s built-in XY Chart plugin through a DOM XSS flaw. The advisory text states that a user with Editor permissions can modify a panel to execute arbitrary JavaScript, indicating that the vulnerability stems from client-side script handling in the chart component and cou...

CVSS 6.8 · AI score 6.5 · EPSS 0.10611
Exploits: 0 · References: 2
Vulnrichment
added 2025/04/23 11:36 a.m. · 8 views

CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

CVSS 6.8 · AI score 6.5 · EPSS 0.10611
Exploits: 0 · References: 2
Cvelist
added 2025/04/23 11:36 a.m. · 57 views

CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

CVSS 6.8 · EPSS 0.10611
Exploits: 0 · References: 2
RedHat Linux
added 2025/04/23 10:11 a.m. · 6 views

firefox: thunderbird: Use-after-free triggered by XSLTProcessor

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

CVSS 6.5 · AI score 6.8 · EPSS 0.00767
Exploits: 1 · References: 10
Cvelist
added 2025/04/23 12:00 a.m. · 9 views

CVE-2025-29526

A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the SearchTerm parameter...

EPSS 0.00202
Exploits: 0 · References: 2
Vulnrichment
added 2025/04/23 12:00 a.m. · 6 views

CVE-2025-29526

A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the SearchTerm parameter...

AI score 6 · EPSS 0.00202
Exploits: 0 · References: 2
NVD
added 2025/04/22 6:16 p.m. · 10 views

CVE-2025-32960

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4 · EPSS 0.00262
Exploits: 0 · References: 5