5968 matches found

Cvelist
added 2025/03/20 10:08 a.m., 10 views

CVE-2024-12374 Stored XSS in automatic1111/stable-diffusion-webui

A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript...

CVSS 6.1, EPSS 0.00394
Exploits: 1, References: 1
CNNVD
added 2025/03/20 12:00 a.m., 3 views

LLaVA cross-site request forgery vulnerability

LLaVA is an application by the individual developer Haotian Liu. A cross-site request forgery vulnerability exists in LLaVA v1.2.0 that could allow an attacker to upload malicious files and execute arbitrary JavaScript code...

CVSS 6.1, AI score 6.7, EPSS 0.00199
Exploits: 1, References: 1
Vulnrichment
added 2025/03/20 12:00 a.m., 7 views

CVE-2024-48591

Inflectra SpiraTeam 7.2.00 is vulnerable to cross-site scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing...

AI score 6.4, EPSS 0.00418
Exploits: 0, References: 1
CNNVD
added 2025/03/20 12:00 a.m., 4 views

PrivateGPT cross-site scripting vulnerability

PrivateGPT is an AI project open-sourced by Zylon. A cross-site scripting vulnerability exists in the file upload handling of PrivateGPT version v0.5.0, which allows an attacker to upload a malicious SVG file and execute JavaScript when the victim clicks on the file...

CVSS 6.1, AI score 4.8, EPSS 0.00329
Exploits: 1, References: 1
CVE
added 2025/03/19 12:00 a.m., 47 views

CVE-2024-55009

CVE-2024-55009 refers to a reflected XSS in AutoBib - Bibliographic collection management system (versions 3.1.140 and earlier). The vulnerability allows an attacker to cause arbitrary JavaScript execution in a victim's browser by injecting a crafted payload into the WCE=topFrame&WCU= parameter. ...

CVSS 6.1, AI score 5.8, EPSS 0.00396
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2025/03/19 12:00 a.m., 25 views

CVE-2024-55009

A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&WCU= parameter...

EPSS 0.00396
Exploits: 1, References: 3
RedhatCVE
added 2025/03/15 8:16 a.m., 14 views

CVE-2025-25363

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload int...

CVSS 6.5, AI score 5.4, EPSS 0.00207
Exploits: 0, References: 1
RedhatCVE
added 2025/03/15 8:12 a.m., 17 views

CVE-2025-28010

A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...

CVSS 5.4, AI score 5.5, EPSS 0.00234
Exploits: 1, References: 1
RedhatCVE
added 2025/03/15 7:05 a.m., 11 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0, 10.0 and 10.1. A reflected cross-site scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

CVSS 5.4, AI score 5.1, EPSS 0.00256
Exploits: 0, References: 1
CNNVD
added 2025/03/14 12:00 a.m., 2 views

GLPI Inventory Plugin cross-site scripting vulnerability

GLPI Inventory Plugin is an open source plugin for GLPI (France). It is used to handle various types of tasks for GLPI agents. A reflected cross-site scripting vulnerability exists in GLPI Inventory Plugin versions prior to 1.5.0, which could lead to the executi...

CVSS 6.5, AI score 6.2, EPSS 0.00316
Exploits: 0, References: 4
NVD
added 2025/03/13 6:15 p.m., 14 views

CVE-2025-25363

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload int...

CVSS 6.5, EPSS 0.00207
Exploits: 0, References: 2
RedHat Linux
added 2025/03/13 6:57 a.m., 6 views

firefox: Unexpected GC during RegExp bailout processing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it...

CVSS 6.5, AI score 7.3, EPSS 0.00433
Exploits: 0, References: 7
CNNVD
added 2025/03/13 12:00 a.m., 1 view

MODX Revolution security vulnerability

MODX Revolution is an open source PHP-based content management system (CMS) from MODX (USA). The system supports online collaboration, search engine optimization (SEO) and more. A security vulnerability exists in MODX Revolution versions prior to 3.1.0, which originates from the fact that an...

CVSS 5.4, AI score 6.5, EPSS 0.00234
Exploits: 1, References: 1
BDU FSTEC
added 2025/03/12 12:00 a.m., 20 views

The vulnerability of the pdf.js library on the MFlash secure data exchange platform, related to the lack of protective measures for website structures, allows attackers to execute arbitrary JavaScript code.

The vulnerability of the pdf.js library on the MFlash secure data exchange platform is related to the lack of protective measures for the web page structure. Exploiting this vulnerability could allow an attacker to execute arbitrary JavaScript code remotely...

CVSS 9, AI score 5.9
Exploits: 0, Affected Software: 1
CVE
added 2025/03/12 12:00 a.m., 148 views

CVE-2025-27915

The CVE-2025-27915 issue affects Zimbra Collaboration (ZCS) Classic Web Client, where insufficient sanitization of HTML in ICS files enables stored XSS when viewing an email with a crafted ICS entry. The underlying flaw allows embedded JavaScript to execute via an ontoggle event inside a tag, en...

CVSS 5.4, AI score 5.2, EPSS 0.04241
Exploited in the wild; Exploits: 1, References: 6, Affected Software: 1
Cvelist
added 2025/03/12 12:00 a.m., 17 views

CVE-2025-27915

An issue was discovered in Zimbra Collaboration (ZCS) 9.0, 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its...

EPSS 0.04241
Exploits: 1, References: 4
NVD
added 2025/03/11 8:15 p.m., 15 views

CVE-2025-25929

A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter...

CVSS 5.4, EPSS 0.00298
Exploits: 1, References: 1
OSV
added 2025/03/11 8:15 p.m., 4 views

CVE-2025-25929

A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter...

CVSS 5.4, AI score 5.5, EPSS 0.00298
Exploits: 1, References: 1
Cvelist
added 2025/03/11 12:00 a.m., 13 views

CVE-2025-25929

A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter...

EPSS 0.00298
Exploits: 1, References: 1
Vulnrichment
added 2025/03/11 12:00 a.m., 7 views

CVE-2025-25929

A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter...

AI score 6, EPSS 0.00298
Exploits: 1, References: 1