Lucene search
5968 matches found

Veracode
added 2025/03/27 2:47 a.m., 9 views

Cross-site Scripting (XSS)

AgentScope is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of user input, where the run ID is rendered as HTML without proper sanitization, allowing an attacker to execute arbitrary JavaScript in the user's browser...

6.1 CVSS, 7 AI score, 0.00389 EPSS
Exploits 1, References 4, Affected Software 1
CNNVD
added 2025/03/27 12:0 a.m., 2 views

NightWolf Penetration Testing Platform cross-site scripting vulnerability

NightWolf Penetration Testing Platform is an open source cybersecurity testing tool from NightWolf designed for red teams and penetration testers for vulnerability exploitation, elevation of privilege and lateral movement testing. A security vulnerability exists in NightWolf Penetration Testing...

6.9 CVSS, 7.4 AI score, 0.00332 EPSS
Exploits 0, References 2
CNNVD
added 2025/03/27 12:0 a.m., 3 views

Vega security vulnerability

Vega is a JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can describe data visualizations using JSON format and generate interactive views using HTML5 Canvas or SVG. A security vulnerability exists in Vega versions prior to 5.32.0...

5.3 CVSS, 6.3 AI score, 0.00477 EPSS
Exploits 0, References 2
OSV
added 2025/03/26 4:15 p.m., 1 views

UBUNTU-CVE-2025-27405

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...

7.6 CVSS, 5.9 AI score, 0.00306 EPSS
Exploits 0, References 4
OSV
added 2025/03/25 11:15 p.m., 12 views

AZL-59276 CVE-2025-30219 affecting package rabbitmq-server for versions less than 3.11.24-3

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1 CVSS, 6.3 AI score, 0.00203 EPSS
Exploits 0, References 1
CVE
added 2025/03/25 10:55 p.m., 175 views

CVE-2025-30219

CVE-2025-30219 describes an XSS in RabbitMQ management UI where an unescaped virtual host name in an error message could allow script execution. Public advisories show patches for Open Source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, and 3.13.8. OpenSUSE/SUSE advisories (SUSE-SU-2025:01466-1; SUSE...

6.1 CVSS, 6.7 AI score, 0.00203 EPSS
Exploits 0, References 1
OSV
added 2025/03/25 10:55 p.m., 11 views

CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1 CVSS, 6.2 AI score, 0.00203 EPSS
Exploits 0, References 3
NVD
added 2025/03/24 3:15 p.m., 17 views

CVE-2024-55279

Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files...

6 CVSS, 0.00263 EPSS
Exploits 1, References 2
Hacker One
added 2025/03/23 2:27 p.m., 7 views

U.S. Dept Of Defense: XSS on ███

A reflected Cross-Site Scripting (XSS) vulnerability was discovered on the search functionality of the affected system. The vulnerability was triggered by entering a crafted input in the search field. The impact of this vulnerability was the potential execution of arbitrary JavaScript code in the...

6.1 AI score
Exploits 0
RedhatCVE
added 2025/03/22 1:22 p.m., 10 views

CVE-2024-7044

A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

8.9 CVSS, 5.8 AI score, 0.00477 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/03/22 12:44 p.m., 10 views

CVE-2024-8400

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4 CVSS, 5.5 AI score, 0.00378 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/03/22 12:44 p.m., 29 views

CVE-2024-8556

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows ...

6.1 CVSS, 5.6 AI score, 0.00389 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/03/22 11:33 a.m., 10 views

CVE-2024-4023

A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...

8.1 CVSS, 5.6 AI score, 0.00746 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/03/22 11:16 a.m., 9 views

CVE-2024-8101

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of dangerouslySetInnerHTML without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be...

7.2 CVSS, 5.5 AI score, 0.00401 EPSS
Exploits 1, References 1
OSV
added 2025/03/20 3:15 p.m., 3 views

CVE-2024-48591

Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing...

6.1 CVSS, 5.8 AI score, 0.00418 EPSS
Exploits 0, References 1
Snyk
added 2025/03/20 12:32 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...

6.1 CVSS, 5.5 AI score, 0.00491 EPSS
Exploits 1, References 2
Github Security Blog
added 2025/03/20 12:32 p.m., 11 views

AgentScope stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows ...

6.1 CVSS, 5.6 AI score, 0.00389 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2025/03/20 10:15 a.m., 4 views

CVE-2024-9311

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...

6.1 CVSS, 6 AI score, 0.00199 EPSS
Exploits 1, References 1
NVD
added 2025/03/20 10:15 a.m., 17 views

CVE-2024-8556

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows ...

6.1 CVSS, 0.00389 EPSS
Exploits 1, References 1
OSV
added 2025/03/20 10:15 a.m., 4 views

CVE-2024-8556

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string (run ID) is appended and rendered as HTML. This allows ...

6.1 CVSS, 6 AI score
Exploits 0, References 1