
5 matches found

Vulnrichment
added 2026/05/12 1:57 p.m., 9 views

CVE-2026-43938 YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/20 3:42 p.m., 3 views

CVE-2026-32986

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

CVSS 6.1, AI score 5.7, EPSS 0.0016
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2021/12/03 2:42 p.m., 42 views

CVE-2021-43991

CVE-2021-43991 affects Kentico Xperience CMS, version 13.0–13.0.43, with a persistent (stored/second‑order) XSS vulnerability. The public description notes that attacker‑supplied script content stored by the app can be retrieved and executed by other users, enabling attacks such as session hijack...

CVSS 6.8, AI score 5.5, EPSS 0.00545
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2021/11/19 4:15 p.m., 33 views

CVE-2021-43409

The “WPO365 | LOGIN” WordPress plugin up to and including version 15.3 by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data...

CVSS 9.3, EPSS 0.00937
Exploits: 2, References: 2

securityvulns
added 2006/01/03 12:0 a.m., 31 views

[KAPDA::#19] - Html Injection in vBulletin 3.5.2

KAPDA New advisory
Vendor: http://www.vbulletin.com
Vulnerable Version: 3.5.2; prior versions also may be affected
Bug: Html Injection, Second order cross site scripting
Exploitation: Remote with browser
Description: vBulletin is a powerful, scalable and fully customizable foru...

AI score 6.3
Exploits: 0