
59143 matches found

OSV
added 2025/12/02 4:15 p.m. | 4 views

UBUNTU-CVE-2025-65187

A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...

CVSS 6.1 | AI score 5.8 | EPSS 0.00191
Exploits: 1 | References: 4

Veracode
added 2025/12/02 10:21 a.m. | 7 views

Prototype Pollution

happy-dom is vulnerable to Prototype Pollution. The vulnerability is due to untrusted JavaScript running in the same isolate as the main application despite the --disallow-code-generation-from-strings flag, which allows an attacker to deploy prototype-pollution payloads to hijack critical...

CVSS 9.4 | AI score 7 | EPSS 0.00318
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2025/12/02 10:16 a.m. | 9 views

CVE-2025-13873

Stored Cross-Site Scripting (XSS) in the survey-import feature of the ObjectPlanet Opinio 7.26 rev12562 web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

CVSS 5.4 | EPSS 0.0017
Exploits: 0 | References: 1

EUVD
added 2025/12/02 9:56 a.m. | 4 views

EUVD-2025-200215

Stored Cross-Site Scripting (XSS) in the survey-import feature of the ObjectPlanet Opinio 7.26 rev12562 web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

CVSS 4.8 | AI score 5.1 | EPSS 0.0017
Exploits: 0 | References: 2

CVE
added 2025/12/02 9:56 a.m. | 11 views

CVE-2025-13873

ObjectPlanet Opinio 7.26 rev12562 is affected by a stored Cross-Site Scripting (XSS) in the survey-import feature. The vulnerability arises from the import path, allowing an attacker to inject JavaScript that executes in the browsing context of visitors accessing the compromised survey. No exploi...

CVSS 5.4 | AI score 5.2 | EPSS 0.0017
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/12/02 7:22 a.m. | 4 views

CVE-2025-65944

Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true, it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...

CVSS 5 | AI score 6.5 | EPSS 0.00298
Exploits: 0 | References: 1

Snyk
added 2025/12/02 1:20 a.m. | 9 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via incomplete sanitization of certain SVG and MathML attributes, including xlink:href, math|href, as well as the attributeName attribute of SVG animation elements when it is bound to href or xlink:href. An...

CVSS 8.7 | AI score 5.3 | EPSS 0.00377
Exploits: 1 | References: 2

OSV
added 2025/12/02 1:20 a.m. | 11 views

GHSA-V4HV-RGFQ-GP49 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

CVSS 8.5 | AI score 7 | EPSS 0.00377
Exploits: 1 | References: 6

RedhatCVE
added 2025/12/02 12:19 a.m. | 11 views

CVE-2025-63534

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

CVSS 8.5 | AI score 5.8 | EPSS 0.00186
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/02 12:00 a.m. | 4 views

PT-2025-48755

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 143.0.7499.41. Description: A type confusion issue exists in the V8 JavaScript engine used in Google Chrome. This flaw could allow a remote attacker to potentially exploit heap corruption through a specially craft...

CVSS 10 | AI score 6.7 | EPSS 0.00386
Exploits: 0 | References: 19

Redos
added 2025/12/02 12:00 a.m. | 4 views

ROS-20251202-04

A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to reading outside the boundaries of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to impact the availability of protected information. Vulnerability in the WebApp Instal...

CVSS 4.3 | AI score 6.4 | EPSS 0.00174
Exploits: 1

CNNVD
added 2025/12/02 12:00 a.m. | 2 views

IDI Eikon Governalia Cross-Site Scripting Vulnerability

IDI Eikon Governalia is an e-government and smart city software platform from the Spanish company IDI Eikon. A cross-site scripting vulnerability exists in IDI Eikon Governalia, which stems from reflective cross-site scripting and could lead to the execution of malicious JavaScript code...

CVSS 6.1 | AI score 6.2 | EPSS 0.00161
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/02 12:00 a.m. | 4 views

PT-2025-48660

Name of the Vulnerable Software and Affected Versions: ObjectPlanet Opinio versions 7.26 rev12562. Description: A stored Cross-Site Scripting (XSS) issue exists in the survey-import feature of the web application. This allows an attacker to inject arbitrary JavaScript code that will execute within the...

CVSS 5.4 | AI score 5.8 | EPSS 0.0017
Exploits: 0 | References: 5

CNNVD
added 2025/12/02 12:00 a.m. | 4 views

ObjectPlanet Opinio Security Vulnerability

ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from the presence of stored cross-site scripting in the survey import function, which could allow an attacker to inject arbitrary...

CVSS 5.4 | AI score 6 | EPSS 0.0017
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/02 12:00 a.m. | 4 views

PT-2025-48767

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 143.0.7499.41. Description: A race condition existed in the V8 engine within Google Chrome. This could potentially allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The...

CVSS 7.6 | AI score 6.5 | EPSS 0.00187
Exploits: 0 | References: 10

Positive Technologies
added 2025/12/02 12:00 a.m. | 4 views

PT-2025-48708

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...

AI score 6.3 | EPSS 0.00218
Exploits: 1 | References: 2

Cvelist
added 2025/12/02 12:00 a.m. | 6 views

CVE-2025-63872

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...

EPSS 0.00218
Exploits: 1 | References: 1

CVE
added 2025/12/02 12:00 a.m. | 10 views

CVE-2025-63872

DeepSeek V3.2 is affected by an XSS vulnerability that allows JavaScript execution through model-generated SVG content. The CVE-2025-63872 entry notes a network-based vulnerability with low exploit complexity and requiring user interaction, resulting in a Medium (6.1) base score per CVSS 3.1. Mu...

CVSS 6.1 | AI score 6 | EPSS 0.00218
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/12/02 12:00 a.m. | 7 views

PT-2025-48754

Name of the Vulnerable Software and Affected Versions: Aimeos GrapesJS CMS extension versions prior to 2021.10.8; Aimeos GrapesJS CMS extension versions prior to 2022.10.8; Aimeos GrapesJS CMS extension versions prior to 2023.10.8; Aimeos GrapesJS CMS extension versions prior to 2024.10.8; Aimeos...

CVSS 7.6 | AI score 6 | EPSS 0.00238
Exploits: 0 | References: 7

Vulnrichment
added 2025/12/02 12:00 a.m. | 3 views

CVE-2025-65187

A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...

AI score 5.7 | EPSS 0.00191
Exploits: 1 | References: 2