Lucene search
K

1486 matches found

CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

FacturaScripts 跨站脚本漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.7 contained a cross-site scripting vulnerability. This vulnerability occurred due to the fsNick cookie parameter value being reflected directly into HTML, which...

3.9CVSS5.6AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 12:0 a.m.12 views

EUVD-2026-30784

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.1CVSS6.2AI score0.00244EPSS
Exploits1References3
CVE
CVE
added 2026/05/17 12:11 p.m.15 views

CVE-2018-25331

CVE-2018-25331 affects Zenar Content Management System. The vulnerability is a Cross-Site Scripting (XSS) in the ajax.php endpoint, where unsanitized user input is reflected in the response. Exploitation is possible via POST parameters (notably the current_page parameter), enabling unauthenticate...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 1:16 p.m.20 views

CVE-2026-43644

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

6.1CVSS0.00195EPSS
Exploits2References3
CVE
CVE
added 2026/05/13 5:7 p.m.32 views

CVE-2026-44581

CVE-2026-44581 details a stored XSS in Next.js App Router apps relying on CSP nonces when deployed behind shared caches. Affected versions are 13.4.0–before 15.5.16 and 16.2.5; malformed nonce values derived from request headers could be reflected into rendered HTML, enabling cache-poisoning and ...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.9 views

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

6.9CVSS6.1AI score0.00323EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.19 views

protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00373EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2026-29057

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 2:26 p.m.30 views

CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS0.00318EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.10 views

PT-2026-39619

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability, which stems from a reflection-type...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs in HTML output,...

5.1CVSS5.9AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs at endpoints/product...

5.1CVSS5.9AI score0.00318EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39618

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for th...

6.1CVSS5.7AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Drupal avatar_uploader 跨站脚本漏洞

Drupal avatarUploader is an extension developed by Drupal Corporation that provides website users with functionality for uploading and managing avatars. The Drupal avatarUploader 7.x-1.0-beta8 version contains a cross-site scripting vulnerability. This vulnerability stems from improper handling o...

6.1CVSS5.6AI score0.00244EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by uBidAuction Company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder