Lucene search
+L

47 matches found

nvd
nvd
added yesterday4 views

CVE-2026-54443

Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...

5.9CVSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44760

Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...

5.9CVSS6.1AI score
Exploits0References2
cve
cve
added yesterday8 views

CVE-2026-54443

The CVE affects Dashy’s RSS Widget (src/components/Widgets/RssFeed.vue). From versions 1.9.4 through 3.2.0, RSS item link values are not sanitized before rendering titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a javascript: URI that executes...

5.9CVSS6.1AI score
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-8087

Malware in sbrugna...

6.1CVSS6.3AI score0.00872EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-3097

Malware in sbrugna...

7.5CVSS6.3AI score0.02245EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-51908

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00416EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-27960

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00358EPSS
Exploits0References1
osv
osv
added 2025/07/18 8:15 p.m.3 views

DEBIAN-CVE-2025-54310

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...

5.3CVSS5.2AI score0.00398EPSS
Exploits0References1
osv
osv
added 2025/07/18 8:15 p.m.4 views

UBUNTU-CVE-2025-54310

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/06/24 12:0 a.m.6 views

PT-2025-26765 · Unknown · Custom Rss Widget +1

Name of the Vulnerable Software and Affected Versions: AccuWeather and Custom RSS widget affected versions not specified Description: A cross-site scripting issue exists in the AccuWeather and Custom RSS widget, allowing an unauthenticated user to replace the RSS feed URL with a malicious one...

8.8CVSS5.7AI score0.00346EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 5:15 a.m.7 views

CVE-2023-47813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...

6.5CVSS6.9AI score0.00416EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 5:12 a.m.6 views

CVE-2023-23877

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin = 2.3.1 versions...

6.5CVSS5.6AI score0.00358EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/03/31 12:0 a.m.5 views

Tuleap 安全漏洞

Tuleap is an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. A security vulnerability exists in Tuleap Community Edition prior to 16.5.99.1742562878 and Tuleap Enterprise Edition prior to 16.5-5, and prior to 16.4-8, which...

4.8CVSS6AI score0.00284EPSS
Exploits0References5
wpvulndb
wpvulndb
added 2023/11/23 12:0 a.m.20 views

Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Better RSS Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.9AI score0.00416EPSS
Exploits1References1
nvd
nvd
added 2023/11/22 11:15 p.m.35 views

CVE-2023-47813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...

6.5CVSS0.00416EPSS
Exploits1References1
prion
prion
added 2023/11/22 11:15 p.m.21 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...

4.9CVSS7.1AI score0.00416EPSS
Exploits1References1Affected Software1
cve
cve
added 2023/11/22 10:43 p.m.74 views

CVE-2023-47813

CVE-2023-47813 relates to the WordPress plugin Better RSS Widget (

6.5CVSS6AI score0.00416EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2023/11/22 10:43 p.m.37 views

CVE-2023-47813 WordPress Better RSS Widget Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...

6.5CVSS6.7AI score0.00416EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/11/22 12:0 a.m.4 views

WordPress Plugin Better RSS Widget Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS6AI score0.00416EPSS
Exploits1References3
patchstack
patchstack
added 2023/11/15 12:0 a.m.8 views

WordPress Better RSS Widget Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Better RSS Widget Type Plugin Vulnerable versions = 2.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47813 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 441d7fc6e5c0 Credits Ngô Thiên An ancorn from VNPT-VCI...

6.5CVSS6.6AI score0.00416EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder