377 matches found

Patchstack
added 2026/02/03 11:31 p.m. | 6 views

WordPress WP Content Permission plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP Content Permission versions <= 1.2...

CVSS 4.4 | AI score 5.3 | EPSS 0.00264
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/31 9:14 p.m. | 7 views

CVE-2026-1700

A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...

CVSS 5.4 | AI score 4.5 | EPSS 0.00228
Exploits: 1 | References: 1
ATTACKERKB
added 2026/01/30 5:2 p.m. | 6 views

CVE-2026-1700

A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...

CVSS 5.1 | AI score 4.5 | EPSS 0.00228
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/01/30 5:2 p.m. | 8 views

EUVD-2026-5012

A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...

CVSS 5.1 | AI score 4.5 | EPSS 0.00228
Exploits: 1 | References: 4
Cvelist
added 2026/01/30 5:2 p.m. | 35 views

CVE-2026-1700 projectworlds House Rental and Property Listing sms.php cross site scripting

A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...

CVSS 5.1 | EPSS 0.00228
Exploits: 1 | References: 4
CNNVD
added 2026/01/30 12:0 a.m. | 6 views

Projectworlds House Rental and Property Listing: Code Injection Vulnerability

Projectworlds House Rental and Property Listing is an open-source housing rental and property listing system developed by Projectworlds. Version 1.0 of Projectworlds House Rental and Property Listing contains a code injection vulnerability, which stems from incorrect handling of the parameter...

CVSS 5.4 | AI score 5.7 | EPSS 0.00228
Exploits: 1 | References: 5
RedhatCVE
added 2026/01/24 9:15 a.m. | 8 views

CVE-2025-15522

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...

CVSS 6.4 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 1
Cvelist
added 2026/01/23 4:34 a.m. | 29 views

CVE-2025-15522 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...

CVSS 6.4 | EPSS 0.00259
Exploits: 0 | References: 4
CVE
added 2026/01/23 4:34 a.m. | 23 views

CVE-2025-15522

CVE-2025-15522 : Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) via the shortcode automator_discord_user_mapping in all versions up to 6.10.0.2. The issue arises from insufficient input saniti...

CVSS 6.4 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 12:30 p.m. | 6 views

CVE-2023-40819

ID4Portais in version V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability...

CVSS 6.1 | AI score 7.1 | EPSS 0.00294
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 12:29 p.m. | 4 views

CVE-2023-40519

A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...

CVSS 6.1 | AI score 5.7 | EPSS 0.00368
Exploits: 0 | References: 1
NVD
added 2026/01/08 12:15 a.m. | 5 views

CVE-2019-25277

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...

CVSS 6.1 | EPSS 0.00278
Exploits: 2 | References: 4
CNNVD
added 2025/12/29 12:0 a.m. | 3 views

Advaya Softech GEMS ERP Portal Code Injection Vulnerability

Advaya Softech GEMS ERP Portal is an enterprise resource planning ERP portal system from Advaya Softech India that provides enterprise-level business process management, financial management, and supply chain integration capabilities. A code injection vulnerability exists in Advaya Softech GEMS E...

CVSS 6.1 | AI score 4.8 | EPSS 0.00307
Exploits: 1 | References: 5
Vulnrichment
added 2025/12/23 7:35 p.m. | 2 views

CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...

CVSS 5.4 | AI score 6.3 | EPSS 0.00194
Exploits: 1 | References: 3
CNNVD
added 2025/12/23 12:0 a.m. | 5 views

OrangeScrum Cross-Site Scripting Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...

CVSS 5.4 | AI score 5.9 | EPSS 0.00194
Exploits: 1 | References: 4
NVD
added 2025/12/22 7:15 p.m. | 3 views

CVE-2024-25814

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting XSS vulnerability via the msg parameter...

CVSS 6.1 | EPSS 0.00185
Exploits: 1 | References: 2
CVE
added 2025/12/22 12:0 a.m. | 10 views

CVE-2024-25814

CVE-2024-25814 affects MyNET up to v26.05. The issue is a reflected cross-site scripting (XSS) vulnerability exploitable via the msg parameter. The Red Hat/EU ENISA/CNNVD and CVE entries corroborate the same description: vulnerable version range is prior to 26.05, with the root cause being reflec...

CVSS 6.1 | AI score 5.7 | EPSS 0.00185
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/12/22 12:0 a.m. | 6 views

AIRC MyNET Security Vulnerability

AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.05 and earlier versions, which stems from a reflected cross-site scripting issue with the msg parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.00185
Exploits: 1 | References: 3
RedhatCVE
added 2025/12/14 5:3 a.m. | 5 views

CVE-2025-12076

The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.6 | EPSS 0.00205
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/13 3:59 a.m. | 6 views

CVE-2025-12834

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failuremessage' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 | AI score 5.6 | EPSS 0.00204
Exploits: 0 | References: 1