Lucene search
K

14 matches found

NVD
NVD
added yesterday5 views

CVE-2026-12536

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Module Title’ parameter in all versions up to, and including, 3.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday28 views

CVE-2026-12536 Avada Builder <= 3.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Module Title

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Module Title’ parameter in all versions up to, and including, 3.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-12536

CVE-2026-12536 : A Stored Cross-Site Scripting flaw in the Avada (Fusion) Builder plugin for WordPress affects all versions up to 3.15.5. It arises from insufficient input sanitization and output escaping in the Module Title parameter. An authenticated attacker with Contributor-level access or hi...

6.4CVSS6.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.6 views

Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS via Module Title (CVE-2026-24838)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/28 9:34 p.m.5 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Module Title. An attacker can execute arbitrary scripts in the context of affected users by...

9.1CVSS6AI score0.00188EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/28 9:34 p.m.21 views

DotNetNuke.Core Vulnerable to Stored XSS via Module Title

Module title supports richtext which could include scripts that would execute in certain scenarios...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/28 9:34 p.m.3 views

GHSA-W9PF-H6M6-V89H DotNetNuke.Core Vulnerable to Stored XSS via Module Title

Module title supports richtext which could include scripts that would execute in certain scenarios...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References5
NVD
NVD
added 2026/01/28 1:16 a.m.10 views

CVE-2026-24838

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/27 11:58 p.m.28 views

CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/27 11:58 p.m.2 views

CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 11:58 p.m.8 views

CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 11:58 p.m.38 views

CVE-2026-24838

CVE-2026-24838 affects DotNetNuke (DNN) where the module title’s richtext can execute scripts, enabling a stored XSS condition. Affected versions are prior to 9.13.10 and 10.2.0; versions 9.13.10 and 10.2.0 contain a fix. The issue is triggered via the module title field and could execute in cert...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.5 views

DNN 跨站脚本漏洞

DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in DNN versions prior to...

4.8CVSS5.5AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2006/12/31 5:0 a.m.23 views

CVE-2006-6832

Cross-site scripting XSS vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title...

4.3CVSS5.8AI score0.01263EPSS
Exploits0References7
Rows per page
Query Builder