Lucene search
K

5968 matches found

NVD
NVD
added 2025/03/28 11:15 a.m.10 views

CVE-2025-2870

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

6.1CVSS0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 11:15 a.m.12 views

CVE-2025-2868

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

6.1CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 10:49 a.m.71 views

CVE-2025-2870

CVE-2025-2870 is a reflected Cross-Site Scripting (XSS) vulnerability in the Clinic Queuing System v1.0. The issue arises via the page parameter in /patient_side.php, enabling an attacker to induce the victim’s browser to execute injected JavaScript when the link is used. This is documented acros...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/28 10:49 a.m.6 views

CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

4.8CVSS6.1AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 10:49 a.m.14 views

CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

4.8CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 10:49 a.m.20 views

CVE-2025-2869 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manageuser.php...

4.8CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 10:49 a.m.48 views

CVE-2025-2869

CVE-2025-2869 is a reflected XSS vulnerability in Clinic Queuing System version 1.0. The issue arises from the id parameter in /manage_user.php, allowing an attacker to inject JavaScript that executes in a victim’s browser when the URL is viewed. Connected sources corroborate a reflective XSS pat...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/28 10:49 a.m.7 views

CVE-2025-2869 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manageuser.php...

4.8CVSS6.1AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 10:48 a.m.20 views

CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

4.8CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/28 10:48 a.m.7 views

CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

4.8CVSS6.1AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 10:48 a.m.51 views

CVE-2025-2868

The CVE-2025-2868 entry describes a Reflected XSS in Clinic Queuing System version 1.0. The vulnerability allows an attacker to execute JavaScript in a victim’s browser by supplying a malicious URL to the page parameter in /index.php. Affected software is the Clinic Queuing System (v1.0). The pro...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/03/27 6:0 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the RegExp.prototype@@replace method. An attacker can execute arbitrary JavaScript code by manipulating the input to...

6.1CVSS5.5AI score0.00477EPSS
Exploits0References2
NVD
NVD
added 2025/03/27 2:15 p.m.16 views

CVE-2025-27793

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...

5.3CVSS0.00477EPSS
Exploits0References4
NVD
NVD
added 2025/03/27 2:15 p.m.17 views

CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

6.1CVSS0.00324EPSS
Exploits1References4
OSV
OSV
added 2025/03/27 2:7 p.m.14 views

CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...

5.3CVSS6.5AI score0.00477EPSS
Exploits0References6
CVE
CVE
added 2025/03/27 2:7 p.m.61 views

CVE-2025-27793

Vega (visualization grammar) and the related Vega-lite JSON workflow are affected by CVE-2025-27793. In Vega versions prior to 5.32.0 (and vega-functions prior to 5.17.0), processing Vega/Vega-lite JSON could cause execution of unintended JavaScript unless the library is used with the vega-interp...

5.3CVSS7AI score0.00477EPSS
Exploits0References4
NVD
NVD
added 2025/03/27 4:15 a.m.9 views

CVE-2025-31165

Cross-Site Scripting XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature...

6.9CVSS0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/27 4:0 a.m.2 views

CVE-2025-31165 Cross Site Scripting in NightWolf Penetration Platform

Cross-Site Scripting XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature...

6.9CVSS5.6AI score0.00332EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 4:0 a.m.51 views

CVE-2025-31165

CVE-2025-31165 is an XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 , specifically through the markdown editor feature . The description states that attackers can execute JavaScript via this editor. The CVSS metrics included indicate a base score of 6.9 (Me...

6.9CVSS5.7AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 4:0 a.m.15 views

CVE-2025-31165 Cross Site Scripting in NightWolf Penetration Platform

Cross-Site Scripting XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature...

6.9CVSS0.00332EPSS
Exploits0References1
Rows per page
Query Builder