OSV
added 2025/05/23 4:58 p.m.

GHSA-M4HF-FXCG-CP34 DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...

CVSS 6.1 | AI score 6.2 | EPSS 0.00244
Exploits 0 | References 4

Cvelist
added 2025/05/23 3:39 p.m.

CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline

DNN, formerly DotNetNuke, is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and, if rendered inline, those scripts could run, allowing XSS attacks. Version 9.13.9 fixes the issue...
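
An added example, not DNN's code, of the check a practitioner would run before ever rendering an uploaded SVG inline: parse the file, flag the content that only executes when the SVG is treated as markup (script elements, on* event handlers, javascript: links, foreignObject), and strip it. Standard library only; the two sample SVGs are constructed here, and the element and scheme lists are an assumed, not exhaustive, definition of "active". ElementTree does not fetch external entities, but for untrusted XML a hardened parser such as defusedxml is still the better default.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # keep serialized output in the default SVG namespace
ET.register_namespace("xlink", XLINK_NS)

# Constructed sample: draws a circle, but also carries the things that only run when the
# file is rendered inline as markup (an <img src=...> of the same file executes none of them).
HOSTILE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <circle cx="5" cy="5" r="4" onload="alert(1)"/>
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(2)"><text>x</text></a>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(3)"/></body></foreignObject>
</svg>"""

BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'

# Assumed (not exhaustive) definition of active content.
ACTIVE_TAGS = {"script", "foreignobject"}
ACTIVE_HREF_SCHEMES = ("javascript:", "vbscript:", "data:")


def _local(qname):
    """ElementTree spells namespaced names as '{uri}name'; return 'name' lower-cased."""
    return qname.rsplit("}", 1)[-1].lower()


def _is_active_attr(name, value):
    """Return a reason string if the attribute can execute, else None."""
    if name.startswith("on"):                       # onload, onerror, onclick, ...
        return "event handler attribute"
    if name == "href":
        v = "".join(value.split()).lower()          # "java\nscript:" is still javascript:
        if v.startswith(ACTIVE_HREF_SCHEMES):
            return "active href"
    return None


def find_active_content(svg_bytes):
    """Return (reason, name) findings; an empty list means nothing executable was seen.
    Malformed XML raises ET.ParseError, which a caller should treat as reject."""
    findings = []
    for el in ET.fromstring(svg_bytes).iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(("active element", tag))
        for attr, value in el.attrib.items():
            reason = _is_active_attr(_local(attr), value)
            if reason:
                findings.append((reason, _local(attr)))
    return findings


def strip_active_content(svg_bytes):
    """Remove active elements and attributes and return the re-serialized SVG bytes."""
    root = ET.fromstring(svg_bytes)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for el in list(root.iter()):                    # snapshot: the tree is mutated below
        if _local(el.tag) in ACTIVE_TAGS and el in parent_of:
            parent_of[el].remove(el)
            continue
        for attr in list(el.attrib):
            if _is_active_attr(_local(attr), el.attrib[attr]):
                del el.attrib[attr]
    return ET.tostring(root)


if __name__ == "__main__":
    for reason, name in find_active_content(HOSTILE_SVG):
        print(f"{reason}: {name}")
    print(strip_active_content(HOSTILE_SVG).decode())
```

Stripping is the fallback; the simpler policy, and the one the fixed version's behaviour suggests, is to never serve uploads in a way that lets the browser parse them as a document at all (see the delivery-header example further down this listing).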

CVSS 6.1 | EPSS 0.00244
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 10:38 a.m.

CVE-2024-52506

Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...

CVSS 7.1 | AI score 6.4 | EPSS 0.00624
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 10:19 a.m.

CVE-2024-3911

An unauthenticated remote attacker can deceive users into performing unintended actions (clickjacking) due to improper restriction of rendered UI layers or frames...
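
An added example, not from the affected product or its advisory, of how to decide whether a response is frameable, which is the check behind findings of this class. It models the rule browsers apply: a Content-Security-Policy frame-ancestors directive decides when present and overrides X-Frame-Options; otherwise X-Frame-Options DENY or SAMEORIGIN; anything else (no header, or the obsolete ALLOW-FROM value, treated here as unsupported) leaves the page frameable. Header dictionaries and origins are constructed inline and the function names are assumed.

```python
from urllib.parse import urlsplit


def _source_matches(source, page_origin, embedder_origin):
    """Does one frame-ancestors source expression admit embedder_origin?"""
    s = source.strip().lower()
    emb = urlsplit(embedder_origin.lower())
    if s in ("", "'none'"):
        return False
    if s == "'self'":
        return embedder_origin.lower() == page_origin.lower()
    if s == "*":
        return True
    if s.endswith(":") and "/" not in s:                 # scheme-source, e.g. https:
        return emb.scheme == s[:-1]
    scheme, _, rest = s.partition("://") if "://" in s else ("", "", s)
    host = rest.split("/", 1)[0].rsplit(":", 1)[0]      # host-source minus any path or port
    if scheme and scheme != emb.scheme:
        return False
    if host.startswith("*."):                            # wildcard needs at least one more label
        return (emb.hostname or "").endswith(host[1:])
    return (emb.hostname or "") == host


def frame_allowed(headers, page_origin, embedder_origin):
    """Would a browser let a page at embedder_origin frame a page at page_origin?
    Modelled rule: CSP frame-ancestors decides if present (overriding X-Frame-Options);
    otherwise X-Frame-Options DENY/SAMEORIGIN; otherwise, including the obsolete
    ALLOW-FROM value that is assumed unsupported, the page is frameable."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return any(_source_matches(src, page_origin, embedder_origin) for src in parts[1:])
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder_origin.lower() == page_origin.lower()
    return True


def hardened_headers():
    """Both headers: CSP for current browsers, X-Frame-Options for older ones."""
    return {"Content-Security-Policy": "frame-ancestors 'none'", "X-Frame-Options": "DENY"}


if __name__ == "__main__":
    page = "https://app.example"
    print(frame_allowed({}, page, "https://evil.example"))
    print(frame_allowed(hardened_headers(), page, "https://evil.example"))
```

The ALLOW-FROM branch is the one that bites in practice: a response carrying only X-Frame-Options: ALLOW-FROM is reported as frameable, because a browser that does not understand the value ignores the whole header.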

CVSS 6.5 | AI score 7.2 | EPSS 0.00456
Exploits 0

RedhatCVE
added 2025/05/23 10:17 a.m.

CVE-2024-30922

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where clause in Award Document Rendering...

CVSS 9.8 | AI score 8.7 | EPSS 0.01429
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 10:17 a.m.

CVE-2024-30923

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where clause in Racer Document Rendering...
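
An added example for the two DerbyNet entries above, written in Python against an in-memory SQLite database as a stand-in for DerbyNet's PHP and schema (the table and column names are constructed, not DerbyNet's): the injectable pattern, a caller-controlled where clause spliced into the query text, beside the fix of allowlisting the filter column and binding the value.

```python
import sqlite3


def make_db():
    """Constructed sample schema: racers plus a credentials table the report must never expose."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE Racers (racerid INTEGER PRIMARY KEY, firstname TEXT, carnumber INTEGER);
        CREATE TABLE Users  (username TEXT, password_hash TEXT);
        INSERT INTO Racers VALUES (1, 'Ada', 7), (2, 'Grace', 12);
        INSERT INTO Users  VALUES ('admin', '$2y$10$constructedhash');
    """)
    return con


def racer_rows_vulnerable(con, where_clause):
    """Vulnerable: the request's where clause becomes SQL text, so the caller chooses the
    predicate and, with UNION, which table the returned rows come from."""
    sql = "SELECT racerid, firstname, carnumber FROM Racers WHERE " + where_clause
    return con.execute(sql).fetchall()


ALLOWED_FILTER_COLUMNS = {"racerid", "carnumber"}


def racer_rows_safe(con, column, value):
    """Hardened: identifiers cannot be bound as parameters, so the column comes from an
    allowlist; the value is bound, so it is compared as data and never parsed as SQL."""
    if column not in ALLOWED_FILTER_COLUMNS:
        raise ValueError(f"unsupported filter column: {column!r}")
    sql = f"SELECT racerid, firstname, carnumber FROM Racers WHERE {column} = ?"
    return con.execute(sql, (value,)).fetchall()


# Constructed payload: keeps the expected predicate and appends a UNION that dumps Users.
PAYLOAD = "racerid = 1 UNION SELECT 1, username, password_hash FROM Users"

if __name__ == "__main__":
    db = make_db()
    print(racer_rows_vulnerable(db, PAYLOAD))
    print(racer_rows_safe(db, "racerid", 1))
```

The bound version returns nothing for the same payload because SQLite compares the whole string to the integer column rather than parsing it; the allowlist is what stops the column name, which cannot be a parameter, from becoming a second injection point.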

CVSS 9.8 | AI score 8.8 | EPSS 0.0137
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 10:02 a.m.

CVE-2024-29179

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JavaScript code and no file extension, and the application will render it as HTML, which allows for XSS attacks...

CVSS 4.8 | AI score 6.2 | EPSS 0.00508
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 9:52 a.m.

CVE-2024-6329

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

CVSS 7.5 | AI score 6.4 | EPSS 0.00371
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:32 a.m.

CVE-2024-0794

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file...

CVSS 9.8 | AI score 7.9 | EPSS 0.01342
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:09 a.m.

CVE-2024-5741

Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)...

CVSS 6.5 | AI score 6.1 | EPSS 0.00283
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:02 a.m.

CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

CVSS 9.8 | AI score 7.5 | EPSS 0.99427
Exploits 10 | References 1

RedhatCVE
added 2025/05/23 8:06 a.m.

CVE-2024-45047

Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...
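
An added, deliberately minimal model (not Svelte's code) of the escaping difference behind an mXSS of this kind. A server-side renderer that escapes only & and " inside attribute values produces output whose DOM is correct as long as the value stays an attribute; the raw < it leaves in the serialized string becomes a tag the moment that string is re-read in a text context. Escaping < and > as well costs nothing, since the parsed attribute value is identical, and closes that path. The payload and helpers are constructed here, and the "reparsed as text" step stands in for whatever DOM change moves the content, which the entry above leaves unspecified.

```python
import html
import re
from html.parser import HTMLParser


def escape_attr_weak(value):
    """Attribute-only escaping: correct while the value stays inside a quoted attribute."""
    return value.replace("&", "&amp;").replace('"', "&quot;")


def escape_attr_strict(value):
    """Also escapes < and >, so no markup survives a change of parsing context."""
    return html.escape(value, quote=True)


def render_title(value, escape):
    """Stand-in for a server-rendered <div title={value}>."""
    return f'<div title="{escape(value)}">ok</div>'


class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_title(rendered):
    """What the DOM actually holds for title= (the parser unescapes entities)."""
    p = _Collector()
    p.feed(rendered)
    p.close()
    return next(attrs["title"] for tag, attrs in p.tags if tag == "div")


def serialized_title(rendered):
    """The still-escaped text between the quotes, as it sits in the HTML string."""
    return re.search(r'title="([^"]*)"', rendered).group(1)


def tags_if_reparsed_as_text(fragment):
    """Model of the context shift: parse the fragment as markup and list the tags it yields."""
    p = _Collector()
    p.feed(fragment)
    p.close()
    return [tag for tag, _ in p.tags]


PAYLOAD = "</div><script>alert(1)</script>"   # constructed attacker-controlled value

if __name__ == "__main__":
    for esc in (escape_attr_weak, escape_attr_strict):
        out = render_title(PAYLOAD, esc)
        print(esc.__name__, repr(parsed_title(out)), tags_if_reparsed_as_text(serialized_title(out)))
```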

CVSS 6.1 | AI score 5.8 | EPSS 0.00344
Exploits 1

RedhatCVE
added 2025/05/23 8:02 a.m.

CVE-2024-39919

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an ALLOWLIST where the host can specify which services the user is permitted to capture screenshots of. By...

CVSS 3.1 | AI score 3.9 | EPSS 0.0037
Exploits 0

RedhatCVE
added 2025/05/23 7:37 a.m.

CVE-2024-4207

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under...
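
Three entries in this listing (the DNN SVG upload, the phpMyFAQ attachment with no extension, and this GitLab raw-mode XML) are the same delivery failure: stored bytes served so that the browser is free to parse them as a document. An added example, not any of those projects' code, of the response headers that close that off: inline display only for an allowlisted set of types and never when the body looks like markup, an octet-stream attachment otherwise, nosniff so an extension-less script is not sniffed into HTML, and a Content-Disposition that cannot inject header lines. The type allowlist and helper names are assumptions; inputs are constructed.

```python
import os
from urllib.parse import quote

# Types a browser may display inline without treating them as a document that can run script.
# image/svg+xml, text/html and text/xml are deliberately absent (assumed policy).
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp", "text/plain"}


def content_disposition(kind, filename):
    """Build a Content-Disposition value that cannot inject header lines or escape its quotes:
    an ASCII fallback in filename= plus an RFC 5987 filename*= carrying the real name."""
    base = os.path.basename(filename.replace("\\", "/")) or "download"
    ascii_name = "".join(c if 32 <= ord(c) < 127 and c not in '"\\' else "_" for c in base)
    encoded = quote(base, safe="")                 # CR, LF, quotes and non-ASCII all become %XX
    return f'{kind}; filename="{ascii_name}"; filename*=UTF-8\'\'{encoded}'


def upload_response_headers(filename, declared_type, body=None, want_inline=False):
    """Headers for serving a stored upload. Inline only for allowlisted types, and never when
    the body itself looks like markup; everything else is an octet-stream attachment."""
    ct = declared_type.split(";")[0].strip().lower()
    looks_like_markup = body is not None and body.lstrip()[:1] == b"<"
    inline = want_inline and ct in INLINE_SAFE_TYPES and not looks_like_markup
    return {
        "Content-Type": ct if inline else "application/octet-stream",
        "X-Content-Type-Options": "nosniff",       # no sniffing an extension-less script into HTML
        "Content-Disposition": content_disposition("inline" if inline else "attachment", filename),
        "Content-Security-Policy": "sandbox",      # belt and braces if a viewer still renders it
    }


if __name__ == "__main__":
    for name, ctype, body in (
        ("payload", "text/html", b"<script>alert(1)</script>"),   # constructed: JS with no extension
        ("logo.svg", "image/svg+xml", b"<svg/>"),
        ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n"),
    ):
        print(name, upload_response_headers(name, ctype, body, want_inline=True))
```

Serving the SVG as an attachment does not stop it being shown through an <img> tag on the site's own pages, where scripts do not run; it stops a direct navigation to the upload URL, which is the case that runs them.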

CVSS 5.4 | AI score 5.7 | EPSS 0.00294
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 7:18 a.m.

CVE-2024-8239

The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...

CVSS 5.4 | AI score 5.7 | EPSS 0.00346
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 7:13 a.m.

CVE-2024-53615

A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...
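
An added example, not files.gallery's code (its thumbnailing is PHP), of the general pattern behind a thumbnail-rendering command injection and its fix: a file name interpolated into a shell command line, beside an argv list executed without a shell with the path pinned under the gallery root. The entry above does not say which part of the crafted video file is the injection vector; the file name is assumed here for illustration, as are the ffmpeg flags. Nothing is executed unless run_thumbnail is called.

```python
import os
import subprocess


def thumbnail_command_vulnerable(video_path, out_path):
    """Vulnerable pattern: the file name becomes part of a shell command line, so a file
    named 'clip.mp4; id' terminates the ffmpeg command and runs id."""
    return f"ffmpeg -i {video_path} -frames:v 1 {out_path}"


def thumbnail_argv(gallery_root, relative_name, out_path):
    """Hardened: resolve the name under the gallery root (refusing traversal) and build an
    argv list. With no shell involved the name is one argument whatever bytes it holds, and
    because the resolved path is absolute it cannot start with '-' and be read as an option."""
    root = os.path.realpath(gallery_root)
    full = os.path.realpath(os.path.join(root, relative_name))
    if os.path.commonpath([root, full]) != root:
        raise ValueError(f"path escapes gallery root: {relative_name!r}")
    return ["ffmpeg", "-i", full, "-frames:v", "1", out_path]   # flags assumed for illustration


def run_thumbnail(argv, timeout=30):
    """Execute the argv list directly; shell=False is the default but is spelled out here."""
    return subprocess.run(argv, shell=False, check=True, timeout=timeout,
                          stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)


if __name__ == "__main__":
    hostile = "clip.mp4; id"                     # constructed file name
    print(thumbnail_command_vulnerable(hostile, "thumb.png"))
    print(thumbnail_argv("gallery", hostile, "thumb.png"))
```

Quoting the name with shlex.quote would also defuse the shell, but only the argv form removes the shell from the picture; the root check is separate and is what stops a name like ../../etc/passwd from being handed to the tool at all.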

CVSS 6.5 | AI score 8.2 | EPSS 0.01311
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 6:32 a.m.

CVE-2024-26017

Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 6.7 | AI score 7.1 | EPSS 0.00165
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 6:25 a.m.

CVE-2024-50810

hopetree izone lts c011b48 contains a Cross-Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly to the frontend page through templates...

CVSS 5.4 | AI score 5.9 | EPSS 0.00218
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 6:06 a.m.

CVE-2023-34103

Avo is an open source Ruby on Rails admin panel creation framework. In affected versions some Avo fields are vulnerable to Cross-Site Scripting (XSS) when rendering HTML-based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...

CVSS 7.3 | AI score 5.9 | EPSS 0.00563
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 4:34 a.m.

CVE-2023-48302

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy-pasting HTML code without markup (Ctrl+Shift+V) the...

CVSS 5.4 | AI score 6.7 | EPSS 0.00571
Exploits 0 | References 1