
59129 matches found

Positive Technologies
added 2025/12/05 12:0 a.m., 5 views

PT-2025-49303

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9 | AI score 7.2 | EPSS 0.00429
Exploits: 0 | References: 4
NVD
added 2025/12/04 11:15 p.m., 8 views

CVE-2025-66561

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...

CVSS 7.3 | EPSS 0.00157
Exploits: 0 | References: 1
NVD
added 2025/12/04 11:15 p.m., 8 views

CVE-2025-66563

Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious JavaScript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted...

CVSS 7.1 | EPSS 0.00196
Exploits: 1 | References: 2
CVE
added 2025/12/04 10:34 p.m., 13 views

CVE-2025-66563

Monkeytype (versions prior to 25.49.0) is affected by a stored XSS due to improper handling of user input in quote.text and quote.source, which are inserted into the DOM and rendered if HTML tags are present. The vulnerability can allow an attacker to execute JavaScript for users viewing a malici...

CVSS 7.1 | AI score 6.5 | EPSS 0.00196
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/12/04 10:34 p.m., 20 views

CVE-2025-66563 Monkeytype vulnerable to stored XSS in approve quotes page

Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious JavaScript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted...

CVSS 7.1 | EPSS 0.00196
Exploits: 1 | References: 2
Vulnrichment
added 2025/12/04 10:27 p.m., 3 views

CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...

CVSS 7.3 | AI score 5.1 | EPSS 0.00157
Exploits: 0 | References: 1
Cvelist
added 2025/12/04 10:27 p.m., 22 views

CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...

CVSS 7.3 | EPSS 0.00157
Exploits: 0 | References: 1
CVE
added 2025/12/04 10:27 p.m., 14 views

CVE-2025-66561

CVE-2025-66561 affects SysReptor (Syslifters) prior to version 2025.102, exposing an authenticated Stored Cross-Site Scripting (XSS) vulnerability. An attacker can upload malicious JavaScript in the web UI, and execute it in the context of other logged-in users. The issue is fixed in 2025.102. Ex...

CVSS 7.3 | AI score 5.1 | EPSS 0.00157
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/12/04 10:27 p.m., 9 views

CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...

CVSS 7.3 | AI score 5.3 | EPSS 0.00157
Exploits: 0 | References: 3
EUVD
added 2025/12/04 9:31 p.m., 3 views

EUVD-2025-201270

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...

CVSS 5.3 | AI score 5.5 | EPSS 0.00347
Exploits: 0 | References: 5
Vulnrichment
added 2025/12/04 8:40 p.m., 0 views

CVE-2023-53735 WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...

CVSS 5.3 | AI score 5.6 | EPSS 0.00347
Exploits: 0 | References: 4
Cvelist
added 2025/12/04 8:40 p.m., 23 views

CVE-2023-53735 WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...

CVSS 5.3 | EPSS 0.00347
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/04 7:22 p.m., 6 views

CVE-2025-66468

The Aimeos GrapesJS CMS extension provides a page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, JavaScript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...

CVSS 7.6 | AI score 6.3 | EPSS 0.00238
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/04 5:16 p.m., 13 views

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

CVSS 4.8 | AI score 6.9 | EPSS 0.00232
Exploits: 0 | References: 1
GithubExploit
added 2025/12/04 1:7 p.m., 178 views

Exploit for CVE-2025-55182

CVE-2025-55182 some notes template: py !/usr/bin/env py...

CVSS 10 | AI score 6.8 | EPSS 0.99562
Exploits: 372
Veracode
added 2025/12/04 5:58 a.m., 6 views

Cross-site Scripting

webreinvent/vaahcms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization in the storeAvatar upload method of UserBase.php, where crafted input can be stored and later executed in a user’s browser, allowing a remote attacker to run arbitrary JavaScript code...

CVSS 6.1 | AI score 7.1 | EPSS 0.00273
Exploits: 2 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/12/04 12:0 a.m., 4 views

PT-2025-49130

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...

CVSS 5.3 | AI score 6 | EPSS 0.00347
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/04 12:0 a.m., 4 views

PT-2025-49098

A stored cross-site scripting (XSS) vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

AI score 5.9 | EPSS 0.00186
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-66453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker...

CVSS 7.5 | AI score 7.2 | EPSS 0.00231
Exploits: 0 | References: 3
CNNVD
added 2025/12/04 12:0 a.m., 3 views

Seafile Community Edition Security Vulnerability

Seafile Community Edition is a document collaboration platform from China's Haiwen Huzhi Seafile Company. A security vulnerability exists in Seafile Community Edition versions prior to 13.0.12, which stems from a stored cross-site scripting attack that could lead to malicious JavaScript execution...

CVSS 6.1 | AI score 5.9 | EPSS 0.00186
Exploits: 0 | References: 2