Lucene search
K

59098 matches found

Veracode
Veracode
added 2025/12/15 5:47 a.m.5 views

Cross-site Scripting (XSS)

Vuetify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...

6.3CVSS5.9AI score0.00163EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.4 views

PT-2025-51288

Name of the Vulnerable Software and Affected Versions Jorani version 1.0.3 Description The software contains a reflected cross-site scripting issue in the language parameter. An attacker can inject malicious scripts by crafting XSS payloads within this parameter, potentially enabling the executio...

5.1CVSS6.1AI score0.003EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.4 views

PT-2025-51309

Name of the Vulnerable Software and Affected Versions Blackcat CMS version 1.4 Description Blackcat CMS version 1.4 has a stored cross-site scripting issue. Authenticated users can inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification...

5.4CVSS5.9AI score0.00205EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.26 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

0.00317EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.2 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

6.7AI score0.00317EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.6 views

PT-2025-51298

Name of the Vulnerable Software and Affected Versions Lucee version 5.4.2.17 Description An authenticated attacker can inject malicious scripts through parameters in the administrative interface. This allows for the execution of arbitrary JavaScript in a victim’s browser session via crafted...

4.8CVSS5.9AI score0.00311EPSS
Exploits0References6
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0493967)

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

9.3CVSS5.8AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0494065)

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

9.3CVSS5.8AI score0.00698EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00691)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00688)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.0017EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.6 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00687)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.0017EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00684)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.0017EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00681)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00680)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00679)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00678)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/12/15 12:0 a.m.13 views

CVE-2025-65778

CVE-2025-65778 affects Wekan (The Open Source Kanban Board) up to version 18.15; fixed in 18.16. Vulnerability arises when uploaded attachments are served with attacker-controlled Content-Type (text/html), permitting execution of attacker-supplied HTML/JS within the application's origin and enabl...

8.1CVSS6.7AI score0.00317EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.6 views

From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis

JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely restrict their practical effectiveness. Existing tools...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.5 views

PT-2025-51302

Name of the Vulnerable Software and Affected Versions Webedition CMS version 2.9.8.8 Description Webedition CMS version 2.9.8.8 contains a stored cross-site scripting issue. Authenticated users can upload malicious SVG files containing JavaScript through the media upload feature. When these craft...

5.4CVSS6.1AI score0.0023EPSS
Exploits1References7
Rows per page
Query Builder