Lucene search
K

59134 matches found

Cvelist
Cvelist
added 2025/12/11 9:38 p.m.22 views

CVE-2024-58297 PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

5.3CVSS0.0021EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/11 9:38 p.m.3 views

CVE-2024-58296 CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.12 views

CVE-2025-64869

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.7 views

CVE-2025-64601

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.12 views

CVE-2025-64852

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.9 views

CVE-2025-64557

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:0 p.m.10 views

CVE-2025-64593

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.4AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:0 p.m.3 views

CVE-2025-64580

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 6:30 p.m.6 views

EUVD-2025-202707

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

7.8CVSS7.8AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/11 6:30 p.m.4 views

EUVD-2025-202702

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

6.5CVSS7.3AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/11 6:30 p.m.4 views

EUVD-2025-202708

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

7.8CVSS7.7AI score0.00169EPSS
Exploits0References2
NVD
NVD
added 2025/12/11 4:16 p.m.4 views

CVE-2025-55307

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

3.3CVSS0.00147EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 4:16 p.m.5 views

CVE-2025-55313

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

7.8CVSS0.00143EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 4:16 p.m.6 views

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

7.8CVSS0.00126EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 4:16 p.m.4 views

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 4:16 p.m.7 views

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

7.8CVSS6AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 4:16 p.m.10 views

CVE-2025-55309

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change...

6.7CVSS0.00115EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 4:16 p.m.7 views

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

6.5CVSS0.0017EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 4:16 p.m.3 views

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

7.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2025/12/11 4:16 p.m.15 views

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

7.8CVSS0.00169EPSS
Exploits0References1
Rows per page
Query Builder