Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2026/06/12 2:26 a.m.8 views

SUSE CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.2AI score0.00208EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 8:17 p.m.11 views

CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS0.00208EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 7:56 p.m.9 views

EUVD-2026-36114

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.3AI score0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 7:56 p.m.8 views

CVE-2026-45106 Weblate: Stored HTML injection in editor search preview

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.3AI score0.00208EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 7:56 p.m.17 views

CVE-2026-45106

Weblate (web-based localization tool) is affected by a stored HTML injection/XSS in the live search preview prior to version 2026.5, where unit source and context are rendered without escaping, allowing HTML/CSS that runs in authenticated editors of other users performing a matching search. The i...

4.6CVSS5.3AI score0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 7:56 p.m.30 views

CVE-2026-45106 Weblate: Stored HTML injection in editor search preview

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS0.00208EPSS
Exploits0References3
OSV
OSV
added 2026/05/15 5:14 p.m.6 views

GHSA-6WXC-8MGQ-W26M Weblate: Stored HTML injection in editor search preview

Impact Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. Patches...

4.6CVSS5.8AI score0.00208EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/15 5:14 p.m.9 views

Cross-site Scripting (XSS)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Cross-site Scripting XSS in the search preview process. An attacker can execute arbitrary HTML or CSS in the authenticated editor interface ...

5.1CVSS5.8AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.6 views

HumHub 跨站脚本漏洞

HumHub is the HumHub open source suite of open source social networking software written on the Yii PHP framework. A cross-site scripting vulnerability exists in HumHub versions prior to 1.17.4, which stems from a cross-site scripting vulnerability in the Meta-Search functionality that could caus...

7.1CVSS5.9AI score0.00199EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2007/01/05 12:0 a.m.26 views

cmsms102-xss.txt

/|| \ | || \ / ||\ / || |\| || / || \ \ || | \ || |/| || / ||| ||| |||/ http://www.nanoy.org Hacker.: NanoyMaster CMS....: CMS Made Simple Version: 1.0.2 --------exploits---------- 1 Search XSS non-permanent 2 preview XSS non-permanent 3 Admin login XSS non-permanent 4 Outro...

7.4AI score
Exploits0
Rows per page
Query Builder