Lucene search
K

6250 matches found

EUVD
EUVD
added 2026/05/27 5:31 a.m.9 views

EUVD-2026-32053

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 9:45 p.m.17 views

EUVD-2026-31507

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42501

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42500

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/20 9:11 p.m.8 views

CVE-2026-39960 MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS6AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 8:16 p.m.16 views

CVE-2026-35009

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

5.1CVSS0.00221EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/20 2:9 p.m.12 views

WordPress WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons plugin <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by BaroHaf - fpt in WordPress Plugin WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons versions = 1.0.8...

4.9CVSS5.8AI score0.00311EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/20 5:31 a.m.11 views

EUVD-2026-31064

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS6AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 5:16 a.m.15 views

CVE-2026-9056

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user...

5.4CVSS0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 1:25 a.m.21 views

CVE-2026-6549

Technical details about CVE-2026-6549 are not publicly available in the provided documents; monitor for updates.

6.4CVSS6AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.12 views

PT-2026-42075

Name of the Vulnerable Software and Affected Versions Faces of Users versions prior to 0.0.4 Description The Faces of Users plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the default attribute of the...

6.4CVSS6AI score0.00246EPSS
Exploits0References6
NVD
NVD
added 2026/05/19 10:16 p.m.22 views

CVE-2026-34246

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS0.00216EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.10 views

WordPress Sticky plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sticky versions = 2.5.6...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/16 3:26 p.m.16 views

CVE-2021-47975

Vulnerability summary (CVE-2021-47975) : The WordPress plugin WP Learn Manager 1.1.2 contains a stored cross-site scripting (XSS) flaw in the fieldtitle parameter. An unauthenticated attacker can submit POST requests to the jslm_fieldordering page with XSS payloads in fieldtitle, enabling arbitra...

7.2CVSS5.9AI score0.00214EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.17 views

PT-2026-41440

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References5
CVE
CVE
added 2026/05/15 9:26 p.m.17 views

CVE-2026-45315

Open WebUI (self-hosted offline AI platform) is affected by CVE-2026-45315. Before version 0.9.3, the audio transcription upload endpoint accepts a user-supplied filename extension and saves the file under CACHE_DIR/audio/transcriptions, then serves /cache/{path} via FileResponse using the on-dis...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 4:45 p.m.10 views

NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

Impact NukeViet CMS , which are stored server-side and executed in the browser of any user who views the content. Who is impacted: - Administrators and moderators who view user-submitted content e.g., contact messages, comments, or any module using the Request class for HTML input. - The Contact...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.7 views

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4CVSS6AI score0.00274EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/14 8:44 p.m.9 views

CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

9.3CVSS5.8AI score0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 8:24 a.m.12 views

CVE-2026-6504 Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS6AI score0.00255EPSS
Exploits0References3
Rows per page
Query Builder