Lucene search
+L

210 matches found

nvd
nvd
added 3 days ago3 views

CVE-2026-57380

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.0018EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago28 views

CVE-2026-57380 WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.0018EPSS
Exploits0References1
cve
cve
added 3 days ago5 views

CVE-2026-57380

The CVE-2026-57380 entry concerns WordPress Extensions for Leaflet Map (extensions-leaflet-map) with versions up to and including 5.1. It describes an improper neutralization of user input during web page generation, enabling DOM-based cross-site scripting (XSS). Affected component: the Extension...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
patchstack
patchstack
added 2026/07/07 2:31 p.m.6 views

WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin Extensions for Leaflet Map versions = 5.1...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
osv
osv
added 2026/07/02 5:51 p.m.4 views

GHSA-4H7G-5542-V3FC mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function

Summary Stored XSS through wikitext can be performed by inserting malicious HTML into the overlays parameter of the displaymap parser function when using the leaflet service. Details The maps extension doesn't escape overlay names before passing them to leaflet. Leaflet then inserts them as HTML:...

8.6CVSS5.8AI score
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5451

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.7AI score0.00201EPSS
Exploits0References1
osv
osv
added 2026/05/19 12:0 a.m.10 views

MAL-2026-4042 Malicious code in @antv/l7-leaflet (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
ossf
ossf
added 2026/05/19 12:0 a.m.15 views

Malicious code in @antv/l7-leaflet (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
nessus
nessus
added 2026/04/15 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-69993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw...

6.1CVSS6.1AI score0.00191EPSS
Exploits2References3
redhatcve
redhatcve
added 2026/04/14 6:19 p.m.6 views

CVE-2025-69993

A flaw was found in Leaflet. This Cross-Site Scripting XSS vulnerability exists in the bindPopup method, which fails to sanitize user-supplied input. A remote attacker can exploit this by injecting malicious JavaScript code into map popups. When a victim views an affected map, the injected script...

6.1CVSS5.8AI score0.00191EPSS
Exploits2References5
vulnersosv
vulnersosv
added 2026/04/14 4:15 p.m.22 views

2gis-maps (>=2.2.4 <=4.0.12), 2ndlogiccomponents (>=1.1.0 <=1.5.0) +3087 more potentially affected by CVE-2025-69993 via leaflet (>=0.5.1 <=2.0.0-alpha.1)

leaflet NPM version =0.5.1, =2.2.4, =1.1.0, =1.0.44, =5.4.0-pre.1, =5.4.0-pre.1, =0.0.1, =1.6.1, =1.0.0, =4.0.0, =0.1.0, =0.0.2, =1.0.0, =2.0.1 and more Source cves: CVE-2025-69993 Source advisory: SNYK:JS-LEAFLET-16427276...

6.1CVSS5.7AI score0.00191EPSS
Exploits2
vulnersosv
vulnersosv
added 2026/04/14 4:15 p.m.7 views

de.digitalcollections:iiif-bookshelf-webapp (>=2.6.2 <=3.1.0), de.digitalcollections:iiif-server-demo (>=2.1.3 <=4.0.6) +25 more potentially affected by CVE-2025-69993 via org.webjars.npm:leaflet (>=0.7.7 <=2.0.0-alpha.1)

org.webjars.npm:leaflet MAVEN version =0.7.7, =2.6.2, =2.1.3, =0.9.0, =1.0.3, =2.0.0 - org.webjars.npm:github-com-commenthol-leaflet-rastercoords =1.0.2 - org.webjars.npm:github-com-jseppi-Leaflet-MakiMarkers =3.1.0 - org.webjars.npm:github-com-michaz-graphhopper-maps =0.0.1 -...

6.1CVSS5.4AI score0.00191EPSS
Exploits2
snyk
snyk
added 2026/04/14 4:15 p.m.14 views

Cross-site Scripting (XSS)

Overview leaflet is a JavaScript library for mobile-friendly interactive maps Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bindPopup method. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by injecting malicious...

6.1CVSS5.9AI score0.00191EPSS
Exploits2References2
snyk
snyk
added 2026/04/14 4:15 p.m.10 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:leaflet is a JavaScript library for mobile-friendly interactive maps Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bindPopup method. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by...

6.1CVSS5.9AI score0.00191EPSS
Exploits2References2
euvd
euvd
added 2026/04/14 3:30 p.m.5 views

EUVD-2025-209449

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS5.9AI score0.00191EPSS
Exploits2References3
nvd
nvd
added 2026/04/14 3:16 p.m.4 views

CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS0.00191EPSS
Exploits2References2
osv
osv
added 2026/04/14 3:16 p.m.5 views

DEBIAN-CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS5.5AI score0.00191EPSS
Exploits2References1
ubuntucve
ubuntucve
added 2026/04/14 3:16 p.m.7 views

CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS5.9AI score0.00191EPSS
Exploits2References3
osv
osv
added 2026/04/14 3:16 p.m.8 views

UBUNTU-CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS5.9AI score0.00191EPSS
Exploits2References4
githubexploit
githubexploit
added 2026/04/14 9:31 a.m.137 views

Exploit for CVE-2025-69993

Leaflet XSS POC Proof of Concept for CVE-2025-69993 — XSS vul...

5.8AI score0.00191EPSS
Exploits2
Rows per page
Query Builder