5968 matches found

Cvelist · added 2025/04/08 8:03 p.m. · 13 views

CVE-2025-30292 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVSS 6.1 · EPSS 0.12031
Exploits 0 · References 1
Cvelist · added 2025/04/08 2:27 p.m. · 21 views

CVE-2025-22465

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary JavaScript in a victim's browser. Unlikely user interaction is required...

CVSS 6.1 · EPSS 0.00625
Exploits 0 · References 1
Github Security Blog · added 2025/04/07 4:46 p.m. · 13 views

tarteaucitron.js allows url scheme injection via unfiltered inputs

A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...

CVSS 4.8 · AI score 7.3 · EPSS 0.00307
Exploits 0 · References 4 · Affected Software 1
Cvelist · added 2025/04/07 2:52 p.m. · 9 views

CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...

CVSS 4.8 · EPSS 0.00307
Exploits 0 · References 2
Vulnrichment · added 2025/04/07 2:52 p.m. · 9 views

CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...

CVSS 4.8 · AI score 7 · EPSS 0.00307
Exploits 0 · References 2
CVE · added 2025/04/07 2:52 p.m. · 70 views

CVE-2025-31476

Summary: CVE-2025-31476 affects tarteaucitron.js. A vulnerability caused by insufficient URL validation allowed a user with high privileges to insert URLs with insecure schemes (e.g., javascript:alert()) that could lead to arbitrary JavaScript execution when a link is clicked. The issue enables e...

CVSS 4.8 · AI score 7 · EPSS 0.00307
Exploits 0 · References 3 · Affected Software 1
OSV · added 2025/04/07 2:52 p.m. · 6 views

CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...

CVSS 4.8 · AI score 6.8 · EPSS 0.00307
Exploits 0 · References 5
Positive Technologies · added 2025/04/07 12:00 a.m. · 3 views

PT-2025-15240 · Unknown · Tarteaucitron.Js

Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.20.1. Description: A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges to enter a URL containing an insecure scheme, such as javascript:alert. Insufficient URL validatio...

CVSS 4.8 · AI score 6.2 · EPSS 0.00307
Exploits 0 · References 11
CNNVD · added 2025/04/07 12:00 a.m. · 2 views

tarteaucitron.js cross-site scripting vulnerability

tarteaucitron.js is a cookie manager by the individual developer Amauri CHAMPEAUX. A cross-site scripting vulnerability exists in tarteaucitron.js that stems from insufficient URL validation and could lead to arbitrary JavaScript execution...

CVSS 4.8 · AI score 6 · EPSS 0.00307
Exploits 0 · References 3
OSV · added 2025/04/04 2:09 p.m. · 9 views

GHSA-CQ88-842X-2JHP Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration

Summary: Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. Impact: A malicious feed added to Miniflux can execute arbitrary JavaScript in the user's browser...

CVSS 4.8 · AI score 6.9 · EPSS 0.00357
Exploits 0 · References 4
CNNVD · added 2025/04/03 12:00 a.m. · 4 views

pgAdmin security vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.1 and earlier versions, which stems from a cross-site scripting attack that could result in arbitrary HTML or JavaScript executio...

CVSS 9.1 · AI score 8.6 · EPSS 0.00302
Exploits 0 · References 2
OSV · added 2025/04/02 5:25 p.m. · 3 views

GHSA-MQQG-XJHJ-WFGW Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Impact: Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to valid responses. By...

CVSS 4.8 · AI score 7.6 · EPSS 0.00586
Exploits 0 · References 9
Github Security Blog · added 2025/04/02 5:25 p.m. · 17 views

Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Impact: Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to valid responses. By...

CVSS 5.4 · AI score 7.6 · EPSS 0.00586
Exploits 0 · References 9 · Affected Software 1
AlpineLinux · added 2025/04/02 7:15 a.m. · 4 views

CVE-2024-45699

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...

CVSS 7.5 · AI score 6.4 · EPSS 0.00327
Exploits 0 · References 2
Exploit DB · added 2025/04/02 12:00 a.m. · 292 views

Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS

Exploit Title: Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS · Date: 09/2024 · Exploit Author: Haythem Arfaoui, CBTW Team · Vendor Homepage: https://www.elaine.io/ · Software Link: https://www.elaine.io/en/products/elaine-marketing-automation/ · Version: 6.18.17 and below · Tested on: Windows, Linu...

CVSS 6.1 · AI score 6.4 · EPSS 0.01121
Exploits 3
Tenable Nessus · added 2025/04/01 12:00 a.m. · 12 views

Amazon Linux 2 : firefox (ALASFIREFOX-2025-036)

The version of firefox installed on the remote host is prior to 128.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-036 advisory. Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability...

CVSS 8.1 · AI score 8 · EPSS 0.00644
Exploits 2 · References 22
OSV · added 2025/03/31 7:15 a.m. · 3 views

CVE-2025-3019

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript may be executed with this user's permissions. This can lead to information loss and/or modification of existin...

CVSS 7.2 · AI score 5.8 · EPSS 0.00253
Exploits 0 · References 1
Cvelist · added 2025/03/31 6:49 a.m. · 15 views

CVE-2025-3019 Cross-site scripting vulnerabilities in KNIME Business Hub web pages

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript may be executed with this user's permissions. This can lead to information loss and/or modification of existin...

CVSS 5.3 · EPSS 0.00253
Exploits 0 · References 1
RedhatCVE · added 2025/03/28 6:24 p.m. · 10 views

CVE-2025-27405

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows embedding arbitrary JavaScript into Icinga Web and acting on behalf of tha...

CVSS 7.6 · AI score 7.2 · EPSS 0.00306
Exploits 0 · References 1
NVD · added 2025/03/28 11:15 a.m. · 6 views

CVE-2025-2869

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manageuser.php...

CVSS 6.1 · EPSS 0.00198
Exploits 0 · References 1