Lucene search
+L

369 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.12 views

CVE-2024-22213

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

5.4CVSS6.9AI score0.00505EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.10 views

CVE-2024-0243

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

8.1CVSS7.8AI score0.00517EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:43 a.m.5 views

CVE-2023-20205

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device...

5.4CVSS5.7AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.11 views

CVE-2021-24619

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

4.8CVSS5.9AI score0.00617EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:34 a.m.10 views

CVE-2019-15614

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...

5.4CVSS5.6AI score0.00783EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 a.m.8 views

CVE-2019-17324

ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability ...

6.5CVSS6.6AI score0.01212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 a.m.7 views

CVE-2019-1010054

Dolibarr 7.0.0 is affected by: Cross Site Request Forgery CSRF. The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access...

8.8CVSS7AI score0.02186EPSS
Exploits1References1
Snyk
Snyk
added 2025/05/14 6:43 p.m.7 views

Information Exposure

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Information Exposure via the Loader component. An attacker can leak sensitive cross-origin data by crafting...

5.1CVSS6.7AI score0.05438EPSS
Exploits2References2
Veracode
Veracode
added 2025/05/13 7:44 p.m.9 views

Cross-site Scripting (XSS)

org.graylog2:graylog2-server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insecure input handling due to the ability to inject and submit malicious HTML forms via the Event Definition Remediation Step field, which can result in session cookie theft under specific...

8CVSS6.2AI score0.00229EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2025/04/28 11:26 a.m.1043 views

Dust: Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover

A stored cross-site scripting XSS vulnerability was discovered in the Dust platform's file upload functionality. An attacker could upload a malicious HTML file to a conversation. When another user, including an admin, visited the uploaded file, JavaScript was executed in their authenticated brows...

5.4AI score
Exploits0
Securelist
Securelist
added 2025/04/21 8:0 a.m.21 views

Phishing attacks leveraging HTML code inside SVG files

With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, and send HTML...

6.9AI score
Exploits0
Snyk
Snyk
added 2025/03/31 3:30 a.m.2 views

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Save function. An attacker with page editing privileges can inject malicious HTML content by manipulating the content argument. Details Cross-site...

4.8CVSS5.3AI score
Exploits0References2
Packet Storm
Packet Storm
added 2025/03/27 12:0 a.m.255 views

Geovision GV-ASManager 6.1.10 Cross Site Request Forgery

Geovision GV-ASManager versions 6.1.10 and below suffer from a cross site request forgery vulnerability. CVE-2024-56901 CVE-2024-56901 - A Cross-Site Request Forgery CSRF vulnerability in Geovision GV-ASManager web application with the version 6.1.1.0 or less that allows attackers to arbitrarily...

8.8CVSS6.7AI score0.23232EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/03/22 12:44 p.m.10 views

CVE-2024-8400

A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS5.5AI score0.00378EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.22 views

CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS0.00378EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.7 views

CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS5.3AI score0.00378EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:11 a.m.52 views

CVE-2024-8400

CVE-2024-8400 is a stored cross-site scripting vulnerability in gaizhenbiao/chuanhuchatgpt. The issue stems from lack of proper filtering/escaping when a user uploads an HTML file that contains JavaScript, which is then executed when the file is accessed. This enables arbitrary JavaScript executi...

5.4CVSS5.3AI score0.00378EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/03/20 10:11 a.m.11 views

CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS6AI score0.00378EPSS
Exploits1References4
CVE
CVE
added 2025/03/20 10:11 a.m.55 views

CVE-2024-7806

CVE-2024-7806 affects open-webui/open-webui ≤ 0.3.8. A CSRF flaw (lax SameSite cookies, no CSRF tokens) enables remote code execution by non-admin users when a victim visits a crafted page, potentially modifying a pipeline’s Python code and running arbitrary commands with the victim’s privileges....

8.8CVSS8.5AI score0.00444EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2025/03/20 10:8 a.m.42 views

CVE-2024-11441

CVE-2024-11441 affects Serge (open source web interface for chatting via llama.cpp) at version 0.9.0. The issue is a stored XSS caused by improper neutralization of input during web page generation in the chat prompt. An attacker can send a crafted message containing malicious HTML/JavaScript, wh...

6.1CVSS6AI score0.00368EPSS
Exploits0References1
Rows per page
Query Builder