Lucene search
+L

26 matches found

euvd
euvd
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38803

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
nvd
nvd
added 2026/06/24 4:16 p.m.11 views

CVE-2026-50708

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS0.00239EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/24 2:58 p.m.4 views

CVE-2026-50708

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/24 2:58 p.m.33 views

CVE-2026-50708 Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS0.00239EPSS
Exploits0References2
cve
cve
added 2026/06/24 2:58 p.m.13 views

CVE-2026-50708

CVE-2026-50708 affects Frappe Framework 17.0.0-dev, with a Stored XSS in the MultiSelectDialog component caused by improper neutralization of user-controlled input. The CVSS v4.0 base score is 4.8 (Medium), with network attack vector, low privileges required, and user interaction required. The im...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.13 views

PT-2026-51831

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the MultiSelectDialog component. Stored XSS is a type of vulnerability where a...

4.8CVSS6AI score0.00239EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.19 views

EUVD-2022-1972

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.01104EPSS
Exploits0References11
nessus
nessus
added 2025/08/12 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-25815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...

6.1CVSS6.9AI score0.01104EPSS
Exploits0References2
nessus
nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-3469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is...

6.1AI score0.00389EPSS
Exploits0References2
osv
osv
added 2025/04/10 7:16 p.m.1 views

DEBIAN-CVE-2025-3469

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...

5.2AI score0.00389EPSS
Exploits0References1
osv
osv
added 2025/04/10 7:16 p.m.14 views

UBUNTU-CVE-2025-3469

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...

5.8AI score0.00389EPSS
Exploits0References3
osv
osv
added 2024/03/06 11:13 a.m.19 views

BIT-MEDIAWIKI-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...

6.1CVSS6.6AI score0.01104EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2022/12/30 12:0 a.m.7 views

The vulnerability of the isteven-multi-select component of the Portainer management platform allows attackers to perform cross-site scripting attacks.

The vulnerability of the isteven-multi-select component of the Portainer container management platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.6AI score0.00521EPSS
Exploits0References3Affected Software1
veracode
veracode
added 2022/08/30 4:1 a.m.31 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-site Scripting XSS. The use of the v-html tag in MultiselectInput.vue allows an attacker to inject and execute malicious javascript through the dynamic options in the multi-select field...

5.9CVSS5.5AI score0.00694EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/06/20 8:12 p.m.8 views

MAL-2022-7311 Malicious code in yahoo-react-multi-select-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59b42c16c52333b42adb394c8784f37abd19319bd11704e6381f6c1af61d4d1c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
osv
osv
added 2022/05/24 5:29 p.m.3 views

GHSA-2F58-VF6G-6P8X MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...

6.1CVSS6.4AI score0.01104EPSS
Exploits0References8
github
github
added 2022/05/24 5:29 p.m.23 views

MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...

6.1CVSS6.3AI score0.01104EPSS
Exploits0References8Affected Software1
mscve
mscve
added 2021/02/11 12:0 a.m.3 views

In SQLite before 3.32.3 select.c mishandles query-flattener optimization leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

...

5.5CVSS7AI score0.01027EPSS
Exploits1
nvd
nvd
added 2020/09/27 9:15 p.m.16 views

CVE-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...

6.1CVSS0.01104EPSS
Exploits0References4
osv
osv
added 2020/09/27 9:15 p.m.4 views

DEBIAN-CVE-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...

6.1CVSS7AI score0.01104EPSS
Exploits0References1
Rows per page
Query Builder