Lucene search
K

183 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43236

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS6.2AI score0.002EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 8:16 a.m.11 views

CVE-2026-7380

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 4:18 p.m.4 views

BIT-TOMCAT-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0...

6.1CVSS5.9AI score0.00455EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53740

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

6.1CVSS5.8AI score0.00455EPSS
Exploits1References19
Cvelist
Cvelist
added 2026/06/22 3:18 p.m.44 views

CVE-2026-52725 Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS0.00238EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.4AI score0.00158EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:51 a.m.12 views

CVE-2026-39642

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43205

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

Vvveb 跨站脚本漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the Signup::addUser controller in the customer registratio...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.14 views

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.00421EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 4:58 p.m.17 views

EUVD-2026-29694

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.00421EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40247

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description Improper neutralization of script-related HTML tags in a web page leads to a basic cross-site scripting XSS issue. This lack of data sanitization at the control level allows an...

7.8CVSS6AI score0.00421EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

marko 跨站脚本漏洞

Marko is an open-source declarative HTML language used for building dynamic user interfaces. Versions of Marko prior to 5.38.36 contained a cross-site scripting vulnerability. This vulnerability occurred when dynamic text was inserted into script or style tags without preventing the escape of...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 3:38 p.m.18 views

EUVD-2026-28360

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 1:16 p.m.15 views

CVE-2026-6002

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

DivvyDrive 安全漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained security vulnerabilities. These vulnerabilities were caused by improper use of HTML tags related to scripts in web pages, which could lead ...

8.8CVSS5.6AI score0.00327EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 7:55 p.m.4 views

GHSA-X9FJ-57FH-C8WQ Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping

Summary When dynamic text is interpolated into a or tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowercase casing. An attacker able to place input inside a or block could break out of the tag with , , etc. and inject arbitrary HTML/JavaScript, resulting in...

6.4CVSS5.8AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20279

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...

5.9AI score0.00236EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.7 views

CVE-2026-39629

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...

5.3CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 a.m.5 views

CVE-2026-39625

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...

5.3CVSS0.00236EPSS
Exploits0References1
Rows per page
Query Builder