Lucene search
K

10 matches found

NVD
NVD
added 2026/06/12 3:16 p.m.15 views

CVE-2026-47739

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9CVSS0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:22 p.m.7 views

EUVD-2026-36452

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9CVSS5.1AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:22 p.m.22 views

CVE-2026-47739

CVE-2026-47739 affects the Frappe framework. Prior to versions 15.106.0 and 16.16.0, a stored XSS vulnerability existed in Note due to insufficient sanitization. The issue is mitigated by upgrading to 15.106.0 or 16.16.0 or later. The CVSS-derived metrics indicate a medium impact with network acc...

6.9CVSS5.2AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:22 p.m.26 views

CVE-2026-47739 Frappe: Stored XSS in Note

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9CVSS0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:36 p.m.7 views

CVE-2026-35009

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the addnote.php file. It could...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-33228

Malicious code in bioql PyPI...

6.2CVSS5.8AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-28420

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02676EPSS
Exploits1References1
OSV
OSV
added 2023/11/22 6:15 p.m.5 views

CVE-2023-47014

A Cross-Site Request Forgery CSRF vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php...

6.5CVSS5.8AI score0.00342EPSS
Exploits2References1
OSV
OSV
added 2019/02/18 5:29 p.m.3 views

ALPINE-CVE-2019-8907

docorenote in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service stack corruption and application crash or possibly have unspecified other impact...

8.8CVSS7.5AI score0.03465EPSS
Exploits1References1
Rows per page
Query Builder