Lucene search
K

20093 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.9 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

6.1CVSS5.4AI score0.00183EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 6:16 p.m.14 views

CVE-2025-65480

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution...

8.8CVSS0.00712EPSS
Exploits1References2
NVD
NVD
added 2026/02/11 3:16 p.m.4 views

CVE-2019-25312

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...

5.4CVSS0.00225EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/11 2:56 p.m.23 views

CVE-2019-25316 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...

6.4CVSS0.00184EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 2:56 p.m.8 views

CVE-2019-25312

CVE-2019-25312 affects InoERP 0.7.2, introducing a persistent cross-site scripting (XSS) vulnerability in the comment section. The issue allows unauthenticated attackers to submit comments containing JavaScript payloads that execute in other users’ browsers, with potential cookie and session info...

5.4CVSS5.2AI score0.00225EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 2:56 p.m.5 views

CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...

6.4CVSS5.5AI score0.00204EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/11 9:15 a.m.9 views

CVE-2026-1885

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.0024EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 9:15 a.m.8 views

CVE-2025-13648

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is required who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the...

6.1CVSS0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 8:26 a.m.21 views

CVE-2026-1827

CVE-2026-1827 — The IDE Micro code-editor WordPress plugin (flask-micro) versions ≤ 1.0.0 is vulnerable to Stored Cross-Site Scripting via the codeflask shortcode, due to insufficient input sanitization and output escaping on the shortcode attributes (notably the title attribute). Impact: authent...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.5 views

CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.8AI score0.00253EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 8:26 a.m.25 views

CVE-2026-1853

CVE-2026-1853 : The BuddyHolis ListSearch plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (SXSS) via the plugin’s shortcodes. In versions up to and including 1.1, insufficient input sanitization and output escaping on user-supplied attributes enables an attacker with at least ...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/11 8:26 a.m.24 views

CVE-2026-1821 Microtango <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mtreservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00248EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.5 views

CVE-2026-24323

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 4:36 a.m.3 views

CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 2:15 a.m.11 views

CVE-2026-1231

The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the js Global Settings parameter in all versions up to, and including, 2.10.0.5 due to missing capability checks on saveglobalsettings function and insufficient...

6.4CVSS0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 12:0 a.m.10 views

CVE-2025-65480

CVE-2025-65480 affects Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts into Report Templates, which are executed when certain script conditions trigger, granting Remote Code Execution. Public-connected sources (Red Hat, NVD, CNNVD, and a GitHub exploit thread) confirm...

8.8CVSS5.6AI score0.00712EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.23 views

CVE-2025-65480

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution...

0.00712EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.4 views

CVE-2025-65480

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution...

5.6AI score0.00712EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.5 views

Pacom Unison Client 安全漏洞

Pacom Unison Client is an intelligent security management system developed by the Pacom company in the United States. Version 5.13.1 of Pacom Unison Client contains a security vulnerability. This vulnerability allows authenticated users to inject malicious scripts into report templates, potential...

8.8CVSS6.1AI score0.00712EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/11 12:0 a.m.3 views

CVE-2025-65480

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution...

5.6AI score0.00712EPSS
Exploits1References2
Rows per page
Query Builder