Lucene search
K

150 matches found

NVD
NVD
added 2026/07/01 9:17 p.m.8 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 8:35 p.m.36 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:35 p.m.20 views

CVE-2026-58263

CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 8:35 p.m.5 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS5.9AI score0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.17 views

CVE-2026-34416

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS5.6AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:2 p.m.12 views

EUVD-2026-36041

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:59 p.m.41 views

CVE-2026-34416 OSCAL-GUI Reflected XSS via project parameter in oscal.php

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48267

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS5.6AI score0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.9 views

CVE-2020-37233

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.16 views

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

Exponent CMS 跨站脚本漏洞

Exponent CMS is a website content management system provided by the Exponent company, offering capabilities for page management and modular content editing. Version 2.6 of Exponent CMS contains a cross-site scripting vulnerability. This vulnerability stems from storage-based cross-site scripting...

6.4CVSS5.8AI score0.00213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.18 views

PT-2026-39507

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.00213EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/02/07 6:52 p.m.221 views

Payload-XSS

Payload-XSS Daftar Isi 1. Payload Dasar 1-20payload-...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.2 views

Mozilla Thunderbird < 78.3

The version of Thunderbird installed on the remote Windows host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a...

8.8CVSS8AI score0.01961EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.3 views

Mozilla Thunderbird < 78.3

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting i...

8.8CVSS8.1AI score0.01961EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/27 7:6 p.m.5 views

EUVD-2025-36367

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

5.1CVSS5.7AI score0.00564EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-0002

Malware in sbrugna...

4.3CVSS6.1AI score0.01809EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-1137

Malware in sbrugna...

4.3CVSS6.4AI score0.01282EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-0081

Malware in sbrugna...

4.3CVSS6.2AI score0.09413EPSS
Exploits4References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2012-2559

Malware in sbrugna...

4.3CVSS6.4AI score0.01343EPSS
Exploits1References3
Rows per page
Query Builder