CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Veracode•added 2025/11/28 6:16 a.m.•3 views

Cross-Site Scripting (XSS)

qwc2 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-supplied input in the attribute table, which allows an authorized attacker to inject and execute arbitrary JavaScript code...

6.9CVSS6.5AI score0.00015EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/10/14 9:46 a.m.•1 views

CVE-2025-11184

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI =v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS6.7AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2025/10/14 9:46 a.m.•2 views

CVE-2025-11183

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS6.4AI score0.00015EPSS

Exploits0References1

EUVD•added 2025/10/13 12:31 p.m.•2 views

EUVD-2025-34062

QGIS QWC2 Cross-Site Scripting vulnerability...

6.9CVSS5.8AI score0.00015EPSS

Exploits0References3

OSV•added 2025/10/13 12:31 p.m.•2 views

GHSA-GXP8-M5RQ-3M38 QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS6.5AI score0.00015EPSS

Exploits0References3

NVD•added 2025/10/13 10:15 a.m.•1 views

CVE-2025-11184

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI =v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS0.00015EPSS

Exploits0References1

NVD•added 2025/10/13 10:15 a.m.•2 views

CVE-2025-11183

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS0.00015EPSS

Exploits0References1

Snyk•added 2025/10/13 9:41 a.m.•2 views

Cross-site Scripting (XSS)

Overview qwc2-lts is a QGIS Web Client Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser ...

6.9CVSS5.3AI score0.00015EPSS

Exploits0References3

Vulnrichment•added 2025/10/13 9:20 a.m.•1 views

CVE-2025-11184 Cross-Site Scripting Vulnerability in QWC2 Registration GUI

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI =v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS6.4AI score0.00015EPSS

Exploits0References1

CVE•added 2025/10/13 9:20 a.m.•3 views

CVE-2025-11184

CVE-2025-11184 affects QGIS QWC2 Registration GUI up to version 2025.03.31. It enables an authorized attacker to inject arbitrary JavaScript (XSS) into the page, with potential impact to Confidentiality (High) and Integrity (Low) per CVSS. Remediation: upgrade to a version later than 2025.03.31 (...

6.9CVSS6.4AI score0.00015EPSS

Exploits0References1

CNNVD•added 2025/10/13 12:0 a.m.•2 views

QGIS QWC2 安全漏洞

QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...

6.9CVSS6AI score0.00015EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by