Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.5 views

CVE-2026-6493

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

5.1CVSS3.9AI score0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/17 2:15 p.m.33 views

CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

5.1CVSS0.0026EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/17 2:15 p.m.7 views

CVE-2026-6493

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

5.1CVSS3.9AI score0.0026EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 2:15 p.m.6 views

CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

5.1CVSS3.9AI score0.0026EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.3 views

CVE-2026-33883

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33883

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...

6.1CVSS0.00149EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/26 7:5 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the user:resetpasswordform. An attacker can execute arbitrary JavaScript in a victim's browser by crafting a malicious URL containing unescaped input. Details Cross-site scripting or XSS is a code...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.5 views

CVE-2022-1597

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

6.1CVSS6.4AI score0.0291EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.7 views

WordPress plugin WPQA 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin. cross-site scripting vulnerability...

6.1CVSS5.7AI score0.0291EPSS
Exploits2References2
Prion
Prion
added 2019/05/22 4:29 p.m.28 views

Sql injection

DISPUTED Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid...

7.5CVSS9.8AI score0.0422EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2019/05/22 3:4 p.m.40 views

CVE-2019-12279

Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that...

9.9AI score0.0422EPSS
Exploits5References3
Rows per page
Query Builder