Lucene search
K

30 matches found

NVD
NVD
added 2026/07/07 7:16 p.m.8 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:31 p.m.12 views

CVE-2026-48950

CVE-2026-48950 affects Joomla! Core via the file management view in com_templates. The root cause is lack of escaping, enabling an XSS vulnerability. Multiple sources (NVD, CVE lists, and Joomla security advisory) confirm an XSS in the core component with the vulnerable entry labeled for core/com...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:30 p.m.35 views

CVE-2026-48953 Joomla! Core - [20260707] - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:30 p.m.14 views

CVE-2026-48953

CVE-2026-48953 affects Joomla! Core. The issue is an XSS in the generic image output layout caused by a lack of escaping in the rendering path. Affected software is Joomla! Core (security entry notes this under 2026-07-07). The root cause is input/output escaping not being applied when generating...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56226

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in the generic image output layout leads to a Cross-Site Scripting XSS issue, where malicious scripts can be injected into web pages viewed by other users. Recommendatio...

8.4CVSS6AI score0.00147EPSS
Exploits0References5
OSV
OSV
added 2026/04/08 7:15 p.m.6 views

GHSA-7CM9-V848-CFH2 CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List

Summary The blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into an HTML data-note attribute without escaping. An admin with blacklist privileges can inject arbitrary JavaScript that executes in the browser of any other...

4.8CVSS6AI score0.0023EPSS
Exploits1References4
CVE
CVE
added 2026/04/01 9:3 a.m.27 views

CVE-2026-21632

Summary (CVE-2026-21632) : Joomla! Core suffers XSS due to lack of output escaping for article titles, enabling injected scripts in various article-title outputs. Connected sources confirm this affects Joomla core output paths and document titles, with multiple vendor references and CVSS-based as...

8.4CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27429

Malicious code in bioql PyPI...

10CVSS6.5AI score0.00684EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/16 12:0 a.m.7 views

PT-2025-33528 · WordPress · Surbma | Recent Comments Shortcode

Name of the Vulnerable Software and Affected Versions: Surbma | Recent Comments Shortcode plugin for WordPress versions up to and including 2.0 Description: The Surbma | Recent Comments Shortcode plugin for WordPress is susceptible to Stored Cross-Site Scripting via the plugin's recent-comments...

6.4CVSS5.6AI score0.00226EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.9 views

CVE-2024-6017

The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.6AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.7 views

CVE-2023-0058

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS6AI score0.00237EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:2 p.m.6 views

CVE-2024-11719

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.9AI score0.00149EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.15 views

CVE-2024-12282 WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00152EPSS
Exploits1References1
NVD
NVD
added 2025/04/09 6:15 a.m.28 views

CVE-2024-8243

The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.3CVSS0.00151EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.8 views

CVE-2020-36731

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

7.2CVSS6AI score0.01342EPSS
Exploits1References1
NVD
NVD
added 2025/02/04 6:15 a.m.16 views

CVE-2024-13115

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS0.00173EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.5 views

PT-2024-16376 · WordPress · Fat Rat Collect

Name of the Vulnerable Software and Affected Versions: Fat Rat Collect plugin for WordPress versions up to, and including, 2.7.3 Description: The issue is related to Reflected Cross-Site Scripting due to missing escaping on a URL. This allows unauthenticated attackers to inject arbitrary web...

6.1CVSS8.7AI score0.0048EPSS
Exploits0References5
Snyk
Snyk
added 2024/10/05 1:41 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to missing escaping of messages and parameters. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The...

6.9CVSS5.2AI score0.00387EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.5 views

Joomla! 安全漏洞

Joomla! is a free, open source content management system from Joomla! open source. A security vulnerability exists in Joomla! versions 4.0.0 through 4.4.6 and 5.0.0 through 5.1.2, which stems from a lack of escape mechanism in the email template functionality, resulting in cross-site scripting...

6.1CVSS6AI score0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/12 3:49 p.m.43 views

CVE-2024-42489 Pro Macros Remote Code Execution via Viewpdf and similar macros

Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...

10CVSS0.01063EPSS
Exploits0References3
Rows per page
Query Builder