Lucene search
+L

369 matches found

RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.8 views

CVE-2026-34161

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

5.4CVSS6AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/16 2:14 a.m.7 views

CVE-2026-6311

An uninitialized use flaw was found in the Accessibility component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498201025...

9CVSS5.7AI score0.00273EPSS
Exploits0References5
NVD
NVD
added 2026/04/14 9:16 p.m.7 views

CVE-2026-34161

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

5.4CVSS0.00219EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/14 3:30 p.m.5 views

EUVD-2026-22273

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/10 3:34 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.3AI score0.00195EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 2:16 p.m.5 views

CVE-2026-32859

ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the...

5.4CVSS0.00196EPSS
Exploits0References3
CVE
CVE
added 2026/03/27 1:41 p.m.14 views

CVE-2026-32859

ByteDance Deer-Flow is affected by a stored XSS in the artifacts API for versions prior to commit 5dbb362. An attacker can upload malicious HTML/script content as artifacts, causing the browser to execute scripts when users view artifacts, potentially leading to session compromise and credential ...

5.4CVSS5.9AI score0.00196EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:46 p.m.23 views

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 7:34 a.m.5 views

CVE-2026-22322 Stored Cross‑Site Scripting in Link Aggregation Name Handling

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References1
Trellix
Trellix
added 2026/03/11 12:0 a.m.32 views

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Niranjan Hegde and Sijo Jacob · June 14, 2023 This blog was also written by Mathanraj Thangaraju Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitiv...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:51 p.m.3 views

CVE-2026-31833

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...

6.7CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.7 views

CVE-2026-28274

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...

8.7CVSS6.1AI score0.00551EPSS
Exploits1References1
CVE
CVE
added 2026/02/19 10:36 p.m.17 views

CVE-2025-13671

OpenText Web Site Management Server contains a CSRF vulnerability (CVE-2025-13671) affecting versions 16.7.0 and 16.7.1. An active user with a session could be induced to perform unintended changes via a page containing malicious HTML, effectively exploiting CSRF. CVSS v4.0 vectors: Network attac...

6.5CVSS5.5AI score0.0015EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/02/16 12:0 a.m.3 views

The vulnerability of the Fenced Frames privacy function in Google Chrome allows a hacker to replace the user interface.

The vulnerability of the Fenced Frames privacy function in Google Chrome relates to information representation errors in the user interface. Exploiting this vulnerability could allow a malicious actor to replace the user interface with a specially created HTML page...

7.8CVSS6.6AI score0.00225EPSS
Exploits0References6Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:37 p.m.6 views

CVE-2020-37178

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

7.5CVSS5.5AI score0.00282EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 8:37 p.m.3 views

CVE-2020-37178 KeePass 2.44 - Denial of Service (PoC)

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

7.5CVSS5.5AI score0.00282EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 11:4 a.m.49 views

CVE-2026-1282

GitLab CVE-2026-1282 affects GitLab CE/EE: versions before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 are vulnerable. An authenticated user could inject malicious content into project labels titles. Remediation is provided via patch releases: 18.6.6, 18.7.4, and 18.8.4. The CVSS data indi...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.10 views

PT-2026-6814

Name of the Vulnerable Software and Affected Versions Business Live Chat Software version 1.0 Description The software contains a cross-site request forgery condition that permits attackers to alter user account roles without needing to authenticate. An attacker can create a malicious HTML form t...

5.3CVSS5.3AI score0.00181EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.3 views

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3CVSS5.2AI score0.0015EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.5 views

CVE-2020-37046

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References4
Rows per page
Query Builder