Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/05/14 8:44 p.m.58 views

CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

9.3CVSS0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

PrestaShop 跨站脚本漏洞

PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. Versions of PrestaShop prior to 8.2.6 and 9.1.1 contained a cross-site scriptin...

9.3CVSS5.7AI score0.00331EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/08 4:54 p.m.10 views

Cross-site Scripting (XSS)

Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Customer Service view process. An attacker can...

9.3CVSS5.8AI score0.00331EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:50 p.m.9 views

CVE-2026-41576

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39140

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description The contact form is publicly accessible without authentication. User-supplied message text is processed by the nl2br function, which converts newlines to tags but fails to escape HTML. Thi...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/01/27 2:16 p.m.66 views

Mandatory IoT Security in the Offing with U.K. Proposal

The U.K. government has unveiled a proposed law aimed at securing internet of things IoT devices, which have historically been riddled with basic security issues. The drafted law, announced on Monday, comprises three main mandates for IoT manufacturers. First, all consumer IoT device passwords mu...

0.5AI score
Exploits0References12
n0where
n0where
added 2018/08/29 3:43 a.m.33 views

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

0.2AI score
Exploits0References2
exploitpack
exploitpack
added 2010/04/06 12:0 a.m.21 views

Joomla! Component Highslide 1.5 - Local File Inclusion

Joomla! Component Highslide 1.5 - Local File Inclusion =============================================================================================================== o Joomla Component Highslide JS Local File Inclusion Vulnerability Software : comhsconfig version 1.5 Vendor :...

7.4AI score
Exploits0
Rows per page
Query Builder