74 matches found

Cvelist
added 3 days ago, 25 views

CVE-2026-56356 n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0; fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

CVSS 5.4, EPSS 0.00182
Exploits 0, References 2

CVE
added 3 days ago, 10 views

CVE-2026-56356

Summary: CVE-2026-56356 affects n8n’s Chat Trigger node Custom CSS field, where a misconfiguration of the sanitize-html library allows stored XSS. Affected versions: before 1.123.27; 2.0.0–2.13.2; 2.14.0. Impact: an authenticated user with workflow creation/modification rights can inject JavaScri...

CVSS 5.4, AI score 5.6, EPSS 0.00182
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 3 days ago, 4 views

PT-2026-54040

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.27; n8n versions 2.0.0 through 2.13.2; n8n version 2.14.0. Description: A stored cross-site scripting issue exists in the Chat Trigger node's Custom CSS field caused by a misconfiguration of the sanitize-html library. A...

CVSS 5.4, AI score 5.8, EPSS 0.00182
Exploits 0, References 4

Vulnrichment
added 2026/06/12 8:22 p.m., 7 views

CVE-2026-44786 Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

CVSS 7.5, AI score 5.2, EPSS 0.00259
Exploits 0, References 1

RedhatCVE
added 2026/06/05 7:33 p.m., 9 views

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format did not sanitize user input in public chat. This allowed a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVSS 6.5, AI score 5.3, EPSS 0.00257
Exploits 0, References 1

RedhatCVE
added 2026/06/05 7:26 p.m., 9 views

CVE-2026-39422

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a stored cross-site scripting (XSS) vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

CVSS 6.9, AI score 5.8, EPSS 0.00216
Exploits 1, References 1

NVD
added 2026/05/18 10:16 p.m., 20 views

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format did not sanitize user input in public chat. This allowed a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVSS 6.5, EPSS 0.00257
Exploits 0, References 5

Cvelist
added 2026/05/18 9:11 p.m., 44 views

CVE-2026-27737 BigBlueButton has Stored XSS in bbb-playback replay

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format did not sanitize user input in public chat. This allowed a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVSS 6.5, EPSS 0.00257
Exploits 0, References 5

ATTACKERKB
added 2026/05/18 9:11 p.m., 10 views

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format did not sanitize user input in public chat. This allowed a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVSS 6.5, AI score 5.7, EPSS 0.00257
Exploits 0, References 6, Affected Software 3

CVE
added 2026/05/18 9:11 p.m., 22 views

CVE-2026-27737

CVE-2026-27737 affects BigBlueButton prior to version 3.0.19. The issue arises in the recording playback (presentation format), where user input in the public chat was not sanitized, enabling a targeted XSS attack when replaying the recording. Root cause: missing input sanitization in the bbb-pla...

CVSS 6.5, AI score 5.7, EPSS 0.00257
Exploits 0, References 5

EUVD
added 2026/05/18 9:11 p.m., 14 views

EUVD-2026-30811

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format did not sanitize user input in public chat. This allowed a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVSS 6.5, AI score 5.7, EPSS 0.00257
Exploits 0, References 5

Vulnrichment
added 2026/05/18 9:11 p.m., 8 views

CVE-2026-27737 BigBlueButton has Stored XSS in bbb-playback replay

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format did not sanitize user input in public chat. This allowed a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVSS 6.5, AI score 5.7, EPSS 0.00257
Exploits 0, References 5

CNNVD
added 2026/05/18 12:00 a.m., 9 views

BigBlueButton cross-site scripting vulnerability

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contain a cross-site scripting vulnerability. This vulnerability stems from the failure to sanitize user input in public chat areas during recording and...

CVSS 6.5, AI score 5.6, EPSS 0.00257
Exploits 0, References 1

Positive Technologies
added 2026/05/18 12:00 a.m., 12 views

PT-2026-41738

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 3.0.19. Description: Recording playback in presentation format fails to sanitize user input within the public chat. This allows a malicious actor to execute a targeted cross-site scripting (XSS) attack, a technique...

CVSS 6.5, AI score 5.9, EPSS 0.00257
Exploits 0, References 9

CVE
added 2026/04/23 7:11 p.m., 27 views

CVE-2026-41266

CVE-2026-41266 affects Flowise (drag-and-drop LLM workflow UI). Before version 3.1.0, unauthenticated GET access to /api/v1/public-chatbotConfig/:id exposes sensitive data (API keys, HTTP Authorization headers, and internal configuration). An attacker who only knows...

CVSS 7.7, AI score 5.8, EPSS 0.00346
Exploits 1, References 1, Affected Software 1

CNNVD
added 2026/04/23 12:00 a.m., 8 views

Flowise access control vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contain an access control vulnerability. This vulnerability stems from an authentication bypass, allowing unauthenticated attackers to obtain...

CVSS 8.2, AI score 5.7, EPSS 0.00308
Exploits 1, References 1

Positive Technologies
added 2026/04/16 12:00 a.m., 5 views

PT-2026-34731

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0. Description: The '/api/v1/public-chatbotConfig/:id' endpoint exposes sensitive data without requiring authentication. An attacker who possesses a chatflow UUID can retrieve internal configuration, HTTP...

CVSS 7.7, AI score 5.8, EPSS 0.00346
Exploits 1, References 6

NVD
added 2026/04/14 1:16 a.m., 8 views

CVE-2026-39422

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a stored cross-site scripting (XSS) vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

CVSS 6.9, EPSS 0.00216
Exploits 1, References 3

ATTACKERKB
added 2026/04/14 12:22 a.m., 5 views

CVE-2026-39422

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a stored cross-site scripting (XSS) vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

CVSS 6.9, AI score 6, EPSS 0.00216
Exploits 1, References 4, Affected Software 1

EUVD
added 2026/04/14 12:22 a.m., 10 views

EUVD-2026-22182

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a stored cross-site scripting (XSS) vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

CVSS 6.9, AI score 6, EPSS 0.00216
Exploits 1, References 3

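The entries above each state affected ranges in slightly different shapes ("before 1.123.27", "2.0.0 through 2.13.2", "2026.1.0-latest to before 2026.1.4", "2.7.1 and below"). The first thing a practitioner wants from such a listing is a yes/no answer for the version actually deployed, so here is an added example of that check. It is my own code, not the database's or any vendor's; the ranges are transcribed from the entries, and it assumes that a release channel suffix such as Discourse's "-latest" can be dropped before comparison and that only numeric dotted components need comparing (no pre-release ordering).

```python
# Added example (not from the database or any vendor): check a deployed
# version against the affected ranges stated in the advisories above.
# Assumptions: channel suffixes such as "-latest" are dropped, and only the
# numeric dotted components are compared (no pre-release ordering).
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.123.27' -> (1, 123, 27); '2026.1.0-latest' -> (2026, 1, 0)."""
    core = re.split(r"[-+]", v.strip(), maxsplit=1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in parts)


class Range(NamedTuple):
    introduced: Optional[str] = None     # inclusive lower bound; None = every earlier release
    fixed: Optional[str] = None          # exclusive upper bound; None = no fix named on the page
    last_affected: Optional[str] = None  # inclusive upper bound ("2.7.1 and below")


# One list of ranges per advisory, transcribed from the entries above.
ADVISORIES: Dict[str, List[Range]] = {
    # n8n: before 1.123.27; 2.0.0 through 2.13.2 (fixed 2.13.3); 2.14.0 (fixed 2.14.1)
    "CVE-2026-56356": [Range(fixed="1.123.27"),
                       Range(introduced="2.0.0", fixed="2.13.3"),
                       Range(introduced="2.14.0", fixed="2.14.1")],
    # Discourse: 2026.1.0 before 2026.1.4; 2026.3.0 before 2026.3.1; 2026.4.0 before 2026.4.1
    "CVE-2026-44786": [Range(introduced="2026.1.0", fixed="2026.1.4"),
                       Range(introduced="2026.3.0", fixed="2026.3.1"),
                       Range(introduced="2026.4.0", fixed="2026.4.1")],
    # BigBlueButton: prior to 3.0.19
    "CVE-2026-27737": [Range(fixed="3.0.19")],
    # MaxKB: 2.7.1 and below (the entries name no fixed version)
    "CVE-2026-39422": [Range(last_affected="2.7.1")],
    # Flowise: before 3.1.0
    "CVE-2026-41266": [Range(fixed="3.1.0")],
}


def matching_range(cve: str, version: str) -> Optional[Range]:
    """Return the affected range that `version` falls into, or None when it
    lies outside every listed range (not affected according to the advisory)."""
    v = parse_version(version)
    for r in ADVISORIES[cve]:
        if r.introduced is not None and v < parse_version(r.introduced):
            continue
        if r.fixed is not None and v >= parse_version(r.fixed):
            continue
        if r.last_affected is not None and v > parse_version(r.last_affected):
            continue
        return r
    return None


def is_affected(cve: str, version: str) -> bool:
    return matching_range(cve, version) is not None


def remediation(cve: str, version: str) -> Optional[str]:
    """First fixed release in the same line, or None when the version is not
    affected or the page names no fix for that line."""
    r = matching_range(cve, version)
    return r.fixed if r is not None else None


if __name__ == "__main__":
    for cve, ver in [("CVE-2026-56356", "2.13.2"), ("CVE-2026-56356", "2.14.1"),
                     ("CVE-2026-44786", "2026.3.0-latest"), ("CVE-2026-39422", "2.7.1")]:
        state = "affected" if is_affected(cve, ver) else "not affected"
        print(f"{cve} {ver}: {state}; first fixed release: {remediation(cve, ver)}")
```

Note that a version such as n8n 2.15.0 falls outside all three listed ranges and is reported as not affected, which is what the entry says, while 1.200.0 is also unaffected because the 1.x line was fixed at 1.123.27; for MaxKB the page names no fixed release, so `remediation` returns None rather than guessing one.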