
8 matches found

GitHub Security Blog
added 2026/03/31 11:44 p.m. | 4 views

File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file

Summary: The EPUB preview function in File Browser is vulnerable to Stored Cross-site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. Details: frontend/src/views/files/Preview.vue passes allowScriptedContent: true to the...

CVSS: 9 | AI score: 6.2 | EPSS: 0.0004
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29426

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2. Description: File Browser's EPUB preview function is susceptible to Stored Cross-Site Scripting (XSS). A crafted EPUB file containing JavaScript can execute in a victim's browser when the file is previewed. T...

CVSS: 7.6 | AI score: 5.9 | EPSS: 0.0004
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2009-3248

Malware in sbrugna...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00253
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 6:2 a.m. | 1 views

SUSE CVE-2009-3265

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00253
Exploits: 0 | References: 4
CNVD
added 2021/12/15 12:0 a.m. | 4 views

lxml injection vulnerability

Lxml is a library from an individual developer that can be used with Python to locate elements in HTML. An injection vulnerability exists in versions of lxml prior to 4.6.5, which stems from the fact that HTML Cleaner allows the passage of certain carefully crafted scripted content, as well as scripted...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.05428
Exploits: 0 | References: 1
Cvelist
added 2018/06/11 9:0 p.m. | 22 views

CVE-2017-5453

A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox 53...

AI score: 5.6 | EPSS: 0.00548
Exploits: 0 | References: 4
The Hacker News
added 2012/05/31 5:42 a.m. | 6 views

What is the Deep Web? A first trip into the abyss

The Deep Web, or Invisible Web, is the set of information resources on the World Wide Web not reported by normal search engines. According to several studies, the principal search engines index only a small portion of the overall web content; the remaining part is unknown to the majority of web user...

AI score: 6.6
Exploits: 0
Mozilla
added 2005/07/12 12:0 a.m. | 16 views

Standalone applications can run arbitrary code through the browser — Mozilla

Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...

AI score: 7
Exploits: 0 | References: 1 | Affected Software: 1