Lucene search
K

59098 matches found

OSV
OSV
added 2025/12/17 11:15 p.m.4 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4CVSS6AI score
Exploits0References3
OSV
OSV
added 2025/12/17 11:15 p.m.6 views

CVE-2023-53906

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...

4.8CVSS5.9AI score
Exploits0References3
CVE
CVE
added 2025/12/17 10:44 p.m.9 views

CVE-2023-53928

PHPFusion 9.10.30 is affected by a stored cross-site scripting vulnerability in the file manager, allowing attackers to upload SVGs with embedded JavaScript. When such SVGs are viewed, they can execute client-side code that may steal session information or perform other user-side actions. The vul...

6.1CVSS6AI score0.00217EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.20 views

CVE-2023-53927 PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

5.4CVSS0.00233EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.3 views

CVE-2023-53928 PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload

PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session...

5.4CVSS6AI score0.00217EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 10:44 p.m.12 views

CVE-2023-53927

The CVE-2023-53927 issue affects PHPJabbers Simple CMS 5.0. It is a stored cross-site scripting vulnerability in the section name parameter, allowing authenticated attackers to insert JavaScript payloads that execute when administrators view sections. The risk is described as client-side code exe...

5.4CVSS6.2AI score0.00233EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.20 views

CVE-2023-53925 UliCMS 2023.1 Stored Cross-Site Scripting via SVG File Upload

UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...

6.1CVSS0.00304EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 10:44 p.m.7 views

CVE-2023-53906

CVE-2023-53906 (projectSend r1605) is a stored cross-site scripting vulnerability where authenticated administrators can inject JavaScript via the custom assets configuration page. A payload placed in the custom assets section executes when other users load the affected page, enabling persistent ...

5.1CVSS5.7AI score0.00257EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/12/17 10:16 p.m.6 views

CVE-2025-68401

ChurchCRM is an open-source church management system. Prior to version 6.0.0, the application stores user-supplied HTML/JS without sufficient sanitization/encoding. When other users later view this content, attacker-controlled JavaScript executes in their browser stored XSS. In affected contexts...

6.2CVSS0.0017EPSS
Exploits1References1
OSV
OSV
added 2025/12/17 8:15 p.m.7 views

CVE-2025-65233

Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

6.1CVSS6.2AI score0.00184EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/17 6:2 p.m.7 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS6.6AI score0.00567EPSS
Exploits1References1
OSV
OSV
added 2025/12/17 3:48 p.m.4 views

CLSA-2025-1765986482 webkit2gtk3: Fix of 4 CVEs

CVE-2025-13502: fix out of bounds read and integer underflow by adding bounds checking and validating message delimiters - CVE-2025-43430: fix bbq jit compiler writing to wrong stack slots in wasm try/catch blocks - CVE-2025-43421: fix memory handling issues that cause unexpected process crashes...

8.8CVSS6AI score0.00956EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 2:44 p.m.5 views

CVE-2025-43529

A flaw was found in webkitgtk where when processing a maliciously crafted web content a use-after-free type of weaknesses may be triggered leading to a remote code execution in the client machine. Mitigation To mitigate this issue, avoid processing untrusted web content. Additionally, disabling t...

8.8CVSS7.7AI score0.08439EPSS
Exploits8References4
SUSE Linux
SUSE Linux
added 2025/12/17 11:10 a.m.5 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. MFSA 2025-94 CVE-2025-14321: use-after-free in the WebRTC: Signaling component. CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics:...

8.8CVSS7.7AI score0.00498EPSS
Exploits2References22
OSV
OSV
added 2025/12/17 11:9 a.m.4 views

SUSE-SU-2025:4424-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. - MFSA 2025-94 CVE-2025-14321: use-after-free in the WebRTC: Signaling component. CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics:...

9.8CVSS6.9AI score0.00498EPSS
Exploits2References12
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:44 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-site Scripting due to serialize-javascript

Summary serialize-javascript is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly...

5.4CVSS5.9AI score0.01006EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-14284

A flaw was found in @tiptap/extension-link. This vulnerability allows an attacker to execute arbitrary JavaScript JS code via unsanitized user input when setting or toggling links, by injecting a javascript: Uniform Resource Locator URL payload. Mitigation Mitigation for this issue is either not...

6.1CVSS6.8AI score0.00302EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.6 views

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

8CVSS6AI score0.00257EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/17 2:19 a.m.7 views

SUSE CVE-2017-18871

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service application crash via an @ character before a JavaScript field name...

7.5CVSS6.8AI score0.01114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51949

Name of the Vulnerable Software and Affected Versions Textpattern CMS version 4.8.8 Description Textpattern CMS contains a stored cross-site scripting issue in the article excerpt field. Authenticated users can inject malicious scripts into the excerpt. When an article is viewed by other users, t...

5.4CVSS5.9AI score0.00255EPSS
Exploits1References7
Rows per page
Query Builder