Lucene search
K

59103 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:44 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-site Scripting due to serialize-javascript

Summary serialize-javascript is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly...

5.4CVSS5.9AI score0.01006EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-14284

A flaw was found in @tiptap/extension-link. This vulnerability allows an attacker to execute arbitrary JavaScript JS code via unsanitized user input when setting or toggling links, by injecting a javascript: Uniform Resource Locator URL payload. Mitigation Mitigation for this issue is either not...

6.1CVSS6.8AI score0.00302EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.6 views

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

8CVSS6AI score0.00257EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/17 2:19 a.m.7 views

SUSE CVE-2017-18871

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service application crash via an @ character before a JavaScript field name...

7.5CVSS6.8AI score0.01114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51949

Name of the Vulnerable Software and Affected Versions Textpattern CMS version 4.8.8 Description Textpattern CMS contains a stored cross-site scripting issue in the article excerpt field. Authenticated users can inject malicious scripts into the excerpt. When an article is viewed by other users, t...

5.4CVSS5.9AI score0.00255EPSS
Exploits1References7
Zero Day Initiative
Zero Day Initiative
added 2025/12/17 12:0 a.m.6 views

Apple Safari JavaScriptCore FTL DataView byteLength Property Handling Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

8.8CVSS6.9AI score0.32EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

UliCMS 跨站脚本漏洞

UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A cross-site scripting vulnerability exists in UliCMS version 2023.1, which stems from the fact that an attacker can upload a malicious SVG file with embedded...

6.1CVSS6AI score0.00304EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.3 views

PT-2025-51966

Name of the Vulnerable Software and Affected Versions PHPFusion version 9.10.30 Description The software contains a stored cross-site scripting issue in the file manager. Attackers can upload malicious SVG files containing embedded JavaScript. These files, when viewed, can execute arbitrary...

5.4CVSS6.2AI score0.00217EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51981

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists in the file upload process within the bookmark and asset rendering pipeline. An attacker can upload a malicious SVG file containing JavaScript code. When an authenticated administrator...

8.2CVSS6.3AI score0.00256EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51954

Name of the Vulnerable Software and Affected Versions Zenphoto version 1.6 Description The software contains a stored cross-site scripting issue in the user postal code field. This field is accessible through the 'admin-users.php' interface. When administrators view user information that includes...

5.1CVSS6.2AI score0.00272EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/17 12:0 a.m.4 views

CVE-2025-65233

Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

5.9AI score0.00184EPSS
Exploits1References2
Redos
Redos
added 2025/12/17 12:0 a.m.5 views

ROS-20251217-7311

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS6.5AI score0.00231EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51944

Name of the Vulnerable Software and Affected Versions projectSend version r1605 Description The software contains a stored cross-site scripting issue. Authenticated administrators can inject malicious JavaScript through the custom assets configuration page. An attacker can create a JavaScript...

5.1CVSS6.2AI score0.00257EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.2 views

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and coding when storing user-entered HTML/JS, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted...

6.2CVSS5.9AI score0.0017EPSS
Exploits1References2
Redos
Redos
added 2025/12/17 12:0 a.m.8 views

ROS-20251217-7315

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

8.8CVSS6.4AI score0.00219EPSS
Exploits0
Redos
Redos
added 2025/12/17 12:0 a.m.7 views

ROS-20251217-7316

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

8.8CVSS6.4AI score0.00219EPSS
Exploits0
Redos
Redos
added 2025/12/17 12:0 a.m.5 views

ROS-20251217-7317

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

8.8CVSS6.4AI score0.00219EPSS
Exploits0
Redos
Redos
added 2025/12/17 12:0 a.m.5 views

ROS-20251217-7318

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

8.8CVSS6.4AI score0.00219EPSS
Exploits0
Redos
Redos
added 2025/12/17 12:0 a.m.6 views

ROS-20251217-7312

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

8.8CVSS7.5AI score0.04835EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/12/16 10:54 p.m.4 views

CVE-2025-14766

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6.7AI score0.0281EPSS
Exploits0References2
Rows per page
Query Builder