Lucene search
+L

1512 matches found

cnnvd
cnnvd
added 2026/05/18 12:0 a.m.10 views

FacturaScripts 跨站脚本漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.7 contained a cross-site scripting vulnerability. This vulnerability occurred due to the fsNick cookie parameter value being reflected directly into HTML, which...

3.9CVSS5.6AI score0.00104EPSS
Exploits0References1
euvd
euvd
added 2026/05/18 12:0 a.m.14 views

EUVD-2026-30784

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.1CVSS6.2AI score0.00244EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/05/18 12:0 a.m.10 views

CVE-2026-29964

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.2AI score0.00244EPSS
Exploits1References3
cve
cve
added 2026/05/17 12:11 p.m.17 views

CVE-2018-25331

CVE-2018-25331 affects Zenar Content Management System. The vulnerability is a Cross-Site Scripting (XSS) in the ajax.php endpoint, where unsanitized user input is reflected in the response. Exploitation is possible via POST parameters (notably the current_page parameter), enabling unauthenticate...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References4
nvd
nvd
added 2026/05/14 1:16 p.m.20 views

CVE-2026-43644

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

6.1CVSS0.00195EPSS
Exploits2References3
cve
cve
added 2026/05/13 5:7 p.m.36 views

CVE-2026-44581

CVE-2026-44581 details a stored XSS in Next.js App Router apps relying on CSP nonces when deployed behind shared caches. Affected versions are 13.4.0–before 15.5.16 and 16.2.5; malformed nonce values derived from request headers could be reflected into rendered HTML, enabling cache-poisoning and ...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References1Affected Software1
github
github
added 2026/05/12 10:23 p.m.10 views

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

6.9CVSS6.1AI score0.00323EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/05/12 5:33 p.m.4 views

CVE-2026-44184 Cleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API reads

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

8CVSS6AI score0.0012EPSS
Exploits0References3
github
github
added 2026/05/12 3:1 p.m.23 views

protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/05/11 6:31 p.m.11 views

EUVD-2026-29057

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/11 2:26 p.m.34 views

CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS0.00318EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.9 views

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability, which stems from a reflection-type...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.10 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs at endpoints/product...

5.1CVSS5.9AI score0.00318EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.13 views

PT-2026-39618

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.12 views

Cradle eCommerce 跨站脚本漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs in HTML output,...

5.1CVSS5.9AI score0.00318EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.11 views

PT-2026-39619

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.11 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for th...

6.1CVSS5.7AI score0.00247EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.10 views

Drupal avatar_uploader 跨站脚本漏洞

Drupal avatarUploader is an extension developed by Drupal Corporation that provides website users with functionality for uploading and managing avatars. The Drupal avatarUploader 7.x-1.0-beta8 version contains a cross-site scripting vulnerability. This vulnerability stems from improper handling o...

6.1CVSS5.6AI score0.00244EPSS
Exploits1References1
Rows per page
Query Builder