Lucene search
K

3789 matches found

Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.6 views

TWiki 6.0.1 Cross Site Scripting

A cross site scripting vulnerability exists in TWiki version 6.0.1 via the QUERYSTRING parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.01903EPSS
Exploits2
NVD
NVD
added 2026/02/01 1:15 p.m.5 views

CVE-2022-50940

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

6.4CVSS0.00301EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/01 12:56 p.m.32 views

CVE-2023-54343 QWE DL 2.0.1 Persistent XSS Vulnerability via Path Parameter

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

6.4CVSS0.00305EPSS
Exploits0References3
OSV
OSV
added 2026/02/01 12:15 p.m.5 views

CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...

4.8CVSS6.1AI score0.00256EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.4 views

CVE-2022-50940

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

6.4CVSS6.1AI score0.00301EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/01 12:15 p.m.32 views

CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...

5.4CVSS0.00256EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.4 views

CVE-2022-50797

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

6.4CVSS6.1AI score0.00391EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/01 12:15 p.m.2 views

CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

6.4CVSS5.5AI score0.00391EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/01 12:15 p.m.5 views

CVE-2021-47920 WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

5.4CVSS5.1AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/01 12:15 p.m.31 views

CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS0.00289EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/01 12:15 p.m.5 views

EUVD-2021-34757

PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...

6.4CVSS6AI score0.00303EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.7 views

PT-2026-5552

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...

6.4CVSS5.9AI score0.00305EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/01 12:0 a.m.7 views

PHPSUGAR PHP Melody 跨站脚本漏洞

PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from the submitted parameter in the edit-video.php file, which has a persistent cross-site scripting vulnerability. This...

6.4CVSS5.7AI score0.00303EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.9 views

PT-2026-5568

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

6.4CVSS6.2AI score0.00301EPSS
Exploits0References4
NVD
NVD
added 2026/01/30 5:16 p.m.6 views

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

6.4CVSS0.00398EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/30 4:16 p.m.7 views

EUVD-2020-30960

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 4:16 p.m.2 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/28 12:0 a.m.27 views

CVE-2025-70336

A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...

0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:52 p.m.8 views

CVE-2014-4017

Cross-site scripting XSS vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php...

4.3CVSS6AI score0.01636EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:50 p.m.10 views

CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

4.3CVSS5.9AI score0.01312EPSS
Exploits0References1
Rows per page
Query Builder