Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.9 views

CVE-2021-27517

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...

6.1CVSS7.4AI score0.0077EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/20 9:56 a.m.12 views

CVE-2025-8349 Cross-Site Scripting (XSS) stored in Tawk Live Chat

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

5.3CVSS0.00486EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 10:11 a.m.9 views

CVE-2024-12871 Stored Cross-site Scripting (XSS) in infiniflow/ragflow

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or...

5.4CVSS6.1AI score0.00359EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.9 views

CVE-2024-12871 Stored Cross-site Scripting (XSS) in infiniflow/ragflow

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or...

5.4CVSS5.3AI score0.00359EPSS
Exploits1References1
OSV
OSV
added 2020/11/05 5:15 p.m.3 views

CVE-2020-26505

A Stored Cross-Site Scripting XSS vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized...

6.1CVSS6.4AI score0.007EPSS
Exploits1References2
Rows per page
Query Builder