6252 matches found

Nuclei
added 14 hours ago | 19 views

Dash Framework - Cross-site Scripting

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting XSS via href attribute in anchor tags. This template tests for javascript:alert payload injection. id: CVE-2024-21485 info: name: Dash Framework - Cross-site Scripting author: Lee Changhyuneeche severity: medium...

CVSS 6.5 | AI score 6.4 | EPSS 0.01475
Exploits: 1 | References: 1
Nuclei
added 14 hours ago | 50 views

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp <=2.0.1.47791 -...

CVSS 6.1 | AI score 6.5 | EPSS 0.05173
Exploits: 0 | References: 5
Nuclei
added 14 hours ago | 210 views

Gitea 1.22.0 - Cross-Site Scripting

Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. id: CVE-2024-6886 info: name: Gitea 1.22.0 - Cross-Site Scripting...

CVSS 10 | AI score 7.2 | EPSS 0.40321
Exploits: 3 | References: 2
ATTACKERKB
added yesterday | 7 views

CVE-2026-4322

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 2
CVE
added 2 days ago | 6 views

CVE-2025-69155

CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1
CVE
added 2 days ago | 13 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

CVSS 6.4 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 9
Cvelist
added 3 days ago | 29 views

CVE-2026-58030 SyntaxHighlight stored XSS via unsanitized 'linelinks' attribute

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

CVSS 5.3 | EPSS 0.0039
Exploits: 0 | References: 1
EUVD
added 4 days ago | 6 views

EUVD-2025-210382

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.4 | AI score 5.5 | EPSS 0.00251
Exploits: 0 | References: 1
CVE
added 5 days ago | 14 views

CVE-2026-13557

The CVE-2026-13557 affects itsourcecode Online Hotel Management System 1.0. An attacker can manipulate the Name argument in the POST handler at /admin/mod_room/controller.php?action=add, triggering cross-site scripting. The vulnerability is exploitable remotely, and public exploit code appears to...

CVSS 5.3 | AI score 4.2 | EPSS 0.00443
Exploits: 0 | References: 6
NVD
added 2026/06/27 6:16 a.m. | 8 views

CVE-2026-13245

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.00211
Exploits: 0 | References: 4
ATTACKERKB
added 2026/06/27 1:27 a.m. | 8 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 4.4 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 11
Positive Technologies
added 2026/06/27 12:0 a.m. | 10 views

PT-2026-53051

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...

CVSS 6.4 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 14
IBM Security Bulletins
added 2026/06/24 10:13 p.m. | 22 views

Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

CVSS 9.8 | AI score 6.8 | EPSS 0.01009
Exploits: 4 | Affected Software: 1
NVD
added 2026/06/24 4:16 p.m. | 8 views

CVE-2026-50712

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...

CVSS 4.8 | EPSS 0.00239
Exploits: 0 | References: 2
EUVD
added 2026/06/24 2:29 a.m. | 8 views

EUVD-2026-38644

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 | AI score 6 | EPSS 0.0019
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/24 12:0 a.m. | 7 views

PT-2026-51664

Name of the Vulnerable Software and Affected Versions Email JavaScript Cloak versions prior to 1.04 Description The Email JavaScript Cloak plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied...

CVSS 7.2 | AI score 6 | EPSS 0.00264
Exploits: 0 | References: 9
Cvelist
added 2026/06/23 7:44 p.m. | 24 views

CVE-2026-53929 NocoDB: Stored Cross-Site Scripting via Secure Attachment

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

CVSS 5.1 | EPSS 0.00288
Exploits: 0 | References: 1
NVD
added 2026/06/18 2:17 p.m. | 16 views

CVE-2026-56007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...

CVSS 5.9 | EPSS 0.00143
Exploits: 0 | References: 1
Cvelist
added 2026/06/15 8:18 p.m. | 26 views

CVE-2026-42663 WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions...

CVSS 6.5 | EPSS 0.00161
Exploits: 0 | References: 1
NVD
added 2026/06/13 12:16 p.m. | 14 views

CVE-2026-5513

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 | EPSS 0.00312
Exploits: 1 | References: 2