Lucene search
K

59102 matches found

CNVD
CNVD
added 2025/12/15 12:0 a.m.4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00678)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/12/15 12:0 a.m.13 views

CVE-2025-65778

CVE-2025-65778 affects Wekan (The Open Source Kanban Board) up to version 18.15; fixed in 18.16. Vulnerability arises when uploaded attachments are served with attacker-controlled Content-Type (text/html), permitting execution of attacker-supplied HTML/JS within the application's origin and enabl...

8.1CVSS6.7AI score0.00317EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.6 views

From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis

JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely restrict their practical effectiveness. Existing tools...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.5 views

PT-2025-51302

Name of the Vulnerable Software and Affected Versions Webedition CMS version 2.9.8.8 Description Webedition CMS version 2.9.8.8 contains a stored cross-site scripting issue. Authenticated users can upload malicious SVG files containing JavaScript through the media upload feature. When these craft...

5.4CVSS6.1AI score0.0023EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.4 views

CVE-2025-66843

grav before v1.7.49.5 has a Stored Cross-Site Scripting Stored XSS vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...

5.2AI score0.00136EPSS
Exploits1References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00682)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 8:41 p.m.8 views

CVE-2025-67750

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS7.1AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 8:2 p.m.5 views

CVE-2025-66453

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

6.9CVSS6.7AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/13 8:16 a.m.27 views

CVE-2025-36748 Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X

ShineLan-X contains a stored cross site scripting XSS vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious...

8.4CVSS0.00132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 8:7 a.m.5 views

CVE-2025-67731

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

8.7CVSS6.7AI score0.00346EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:54 a.m.10 views

Cross-site Scripting (XSS)

prosemirrortohtml is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of HTML attribute values, which allows an attacker to inject and execute arbitrary JavaScript code through crafted input...

7.6CVSS6.1AI score0.00192EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 7:39 a.m.8 views

Code Injection

Open WebUI is vulnerable to a code injection vulnerability. The vulnerability is due to improper handling of Server-Sent Event SSE execute events in the Direct Connections feature, which allows an attacker controlling a malicious external model server to inject and execute arbitrary JavaScript in...

8CVSS6.3AI score0.07767EPSS
Exploits1References3Affected Software2
Veracode
Veracode
added 2025/12/13 6:46 a.m.8 views

Self Cross-Site Scripting (Self-XSS)

privatebin/privatebin is vulnerable to self cross-site scripting Self-XSS. The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...

5.4CVSS5.8AI score0.00107EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/12/13 5:25 a.m.7 views

Stored Cross-Site Scripting (XSS)

Jenkins AnchorChain Plugin is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of URL schemes when generating links from workspace content, allowing attackers to inject javascript: URLs that execute malicious scripts in the Jenkins user interface...

6.5CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2025/12/13 5:15 a.m.5 views

Reflected Cross-site Scripting (XSS)

com.liferay.portal, com.liferay.portal.impl are vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation in the googlegadget component, which allows a remote unauthenticated attacker to inject and execute malicious JavaScript in a victim’s browser...

6.9CVSS6.6AI score0.00224EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2025/12/13 5:7 a.m.6 views

Cross-site Scripting (XSS)

Jenkins Coverage Plugin is vulnerable to a stored Cross-Site Scripting. The vulnerability is caused by missing validation of the coverage results ID when configured via the REST API, allowing attackers with Item/Configure permission to inject a javascript: URL that executes in users’ browsers...

8CVSS5.9AI score0.00257EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.6 views

CVE-2025-13866

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

6.4CVSS5.6AI score0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.7 views

PT-2025-51099

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

8.5CVSS5.6AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/12 10:17 p.m.4 views

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

7.5CVSS6.6AI score0.00415EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 9:15 p.m.3 views

CVE-2025-67750

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS0.00166EPSS
Exploits0References3
Rows per page
Query Builder