Lucene search
K

564 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.5 views

CVE-2019-12313

XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...

6.1CVSS5.9AI score0.01257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.3 views

PT-2026-1674

Name of the Vulnerable Software and Affected Versions SOCA Access Control System version 180612 Description The SOCA Access Control System contains a cross-site scripting issue in the senddata POST parameter of the 'logged page.php' file. This allows attackers to inject malicious scripts by sendi...

6.1CVSS6.4AI score0.00198EPSS
Exploits1References8
Snyk
Snyk
added 2025/12/30 4:44 p.m.4 views

Improper Encoding or Escaping of Output

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output for certain ConsoleI...

5.3CVSS7AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 12:6 p.m.6 views

BIT-GITLAB-2025-8405 Improper Encoding or Escaping of Output in GitLab

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...

7.7CVSS6.6AI score0.00494EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 6:55 a.m.19 views

Reflected Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper output encoding of the Image Name parameter in the /maps/nodeimage endpoint, which allows an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser when...

6.2CVSS5.7AI score0.00221EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2025/12/13 6:16 a.m.6 views

Cross Site Scripting (XSS)

code16/sharp is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and output encoding in src/Form/Fields/SharpFormUploadField.php, which allows an attacker to inject and execute arbitrary malicious scripts in a victim’s browser...

6.1CVSS6.8AI score0.00296EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2025/12/11 4:5 a.m.44 views

CVE-2025-8405

GitLab CE/EE is vulnerable to an authenticated user performing unauthorized actions on behalf of others by injecting malicious HTML into vulnerability code flow displays. Affected versions are 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2. GitLab has remediated this with patch re...

7.7CVSS6.3AI score0.00494EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.11 views

Siemens SIMATIC S7-1500 Improper Encoding or Escaping of Output (CVE-2022-25235)

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

9.8CVSS6.8AI score0.04955EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.6 views

CVE-2025-5770

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1CVSS6AI score0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.7 views

PT-2025-45503

Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /search results API endpoint through the q parameter. An attacker could potentially inject malicious scripts into the w...

6.2AI score0.00208EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.4 views

PT-2025-45497

Name of the Vulnerable Software and Affected Versions Sourcecodester Medicine Reminder App version 1.0 Description The application is susceptible to Cross-Site Scripting XSS. An attacker can inject potentially malicious HTML/JavaScript code into the "Medicine Name" and "Notes Optional" fields whe...

6.6AI score0.0022EPSS
Exploits1References5
OSV
OSV
added 2025/11/05 8:15 p.m.6 views

CVE-2025-10853

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

6.1CVSS5.7AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/05 7:21 p.m.8 views

CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2CVSS0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/05 7:21 p.m.6 views

EUVD-2025-37927

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2CVSS5.3AI score0.00177EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/05 7:21 p.m.12 views

CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2CVSS5.4AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2025/11/05 7:21 p.m.16 views

CVE-2025-10853

Summary: CVE-2025-10853 is a reflected XSS vulnerability in the management console of multiple WSO2 products caused by improper output encoding. The issue allows a malicious actor to tamper with specific parameters to inject arbitrary JavaScript into responses, potentially leading to UI manipulat...

6.1CVSS5.4AI score0.00177EPSS
Exploits0References1Affected Software9
EUVD
EUVD
added 2025/11/05 7:2 p.m.12 views

EUVD-2025-37921

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1CVSS5.6AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/05 7:2 p.m.13 views

CVE-2025-5770 Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1CVSS0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.5 views

PT-2025-45157

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads in...

6.1CVSS5.7AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.8 views

PT-2025-44774

Name of the Vulnerable Software and Affected Versions Water Management System version 1.0 Description Water Management System version 1.0 is susceptible to Cross Site Scripting XSS attacks. The issue is located in the /add customer.php endpoint. The vulnerability allows attackers to inject...

6.1CVSS6.1AI score0.0026EPSS
Exploits1References3
Rows per page
Query Builder