Lucene search
K

6680 matches found

Github Security Blog
Github Security Blog
added 2026/03/10 6:23 p.m.3 views

Craft Commerce has stored XSS in Inventory Location Name

Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

4.8CVSS6AI score0.00234EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/10 6:16 p.m.4 views

EUVD-2026-10555

StudioCMS has Privilege Escalation via Insecure API Token Generation...

8.8CVSS5.8AI score0.00564EPSS
Exploits3References6
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.16 views

Description of the security update for SharePoint Server 2019: March 10, 2026 (KB5002845)

Description of the security update for SharePoint Server 2019: March 10, 2026 KB5002845 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currentl...

9.3CVSS6.4AI score0.02408EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/03/10 1:20 p.m.6 views

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been...

6.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.2 views

PT-2026-24640

Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

4.8CVSS6AI score
Exploits0References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

Sylius 跨站脚本漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the fact that entity names are rendered as raw HTML at multiple locations in both the store frontend...

4.8CVSS5.7AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24477

Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12 through 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains an authenticated stored cross-site scripting XSS issue in multiple areas of the shop frontend and admin panel. This is due to...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

Sylius 跨站脚本漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the use of the innerHTML method to render the message field in the login form during checkout, which...

6.1CVSS5.6AI score0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.9 views

PT-2026-24476

Name of the Vulnerable Software and Affected Versions Sylius versions prior to 2.0.16 Sylius versions prior to 2.1.12 Sylius versions prior to 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains a cross-site scripting XSS issue in the shop checkout login form. The...

6.1CVSS5.6AI score0.00179EPSS
Exploits0References7
Mageia
Mageia
added 2026/03/09 5:48 p.m.10 views

Updated rootcerts, nss & firefox packages fix security vulnerabilities

Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...

10CVSS5.8AI score0.00604EPSS
Exploits0References4
NVD
NVD
added 2026/03/06 5:16 p.m.6 views

CVE-2026-29082

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS0.00232EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 4:33 p.m.4 views

CVE-2026-29082

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS5.8AI score0.00232EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/06 4:33 p.m.31 views

CVE-2026-29082 Kestra: Stored Cross-Site Scripting in Markdown File Preview

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS0.00232EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/03/06 11:0 a.m.10 views

react-router: @remix-run/router: React Router XSS Vulnerability

The cross site scripting flaw has been discovered in the npm react-router package. A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate...

7.6CVSS5.4AI score0.00448EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/06 11:0 a.m.4 views

react-router: @remix-run/react: React Router SSR XSS in ScrollRestoration

A cross site scripting flaw has been discovered in the npm react-router package. The cross site scripting XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during...

8.2CVSS5.4AI score0.00472EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

kestra 跨站脚本漏洞

Kestra is an open-source workflow automation platform developed by Kestra. Versions of Kestra 1.1.10 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup when rendering Markdown formats provided by users, which could lead to cross-site scriptin...

7.3CVSS5.6AI score0.00232EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.6 views

PT-2026-23727

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS5.8AI score0.00232EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.5 views

LangBot 跨站脚本漏洞

LangBot is an open-source development platform for large-scale instant messaging robots created by LangBot. Versions of LangBot prior to 4.8.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of rehypeRaw to render the original HTML provided by users, which...

6.3CVSS5.6AI score0.00187EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/05 9:13 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsafe template rendering that combines user input with permissive sanitizer handling of data URLs in the display of author and committer names. An attacker can execute arbitrary JavaScript in the context of...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/05 9:13 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsafe template rendering that combines user input with permissive sanitizer handling of data URLs in the display of author and committer names. An attacker can execute arbitrary JavaScript in the context of...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References2
Rows per page
Query Builder