Lucene search
K

61 matches found

Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-49276 Kirby: Self cross-site scripting (self-XSS) in the writer field

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and...

7.4CVSS0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.13 views

PT-2026-50721

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites using the writer field in any blueprint are susceptible to cross-site scripting XSS. The link and email marks within the writer components fail to prevent the...

7.4CVSS5.9AI score0.00289EPSS
Exploits0References6
PyPA
PyPA
added 2026/05/04 6:16 p.m.30 views

PYSEC-2026-105

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS6AI score0.002EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/04 5:15 p.m.32 views

CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS0.002EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/26 2:45 a.m.8 views

CVE-2026-7015 MaxSite CMS Guestbook Plugin cross site scripting

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

4.8CVSS3.2AI score0.00215EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/02 1:51 a.m.8 views

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

5.3CVSS6AI score0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/27 9:4 p.m.31 views

CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

5.3CVSS0.00397EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:4 p.m.8 views

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

5.3CVSS6AI score0.00397EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.21 views

CVE-2019-7171

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

4.8CVSS6.1AI score0.0061EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 6:46 a.m.9 views

Self Cross-Site Scripting (Self-XSS)

privatebin/privatebin is vulnerable to self cross-site scripting Self-XSS. The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...

5.4CVSS5.8AI score0.00118EPSS
Exploits1References3Affected Software1
FreeBSD
FreeBSD
added 2025/11/09 12:0 a.m.9 views

privatebin XSS

privatebin reports: Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session self-XSS. This allows an attacker who can entice a victi...

5.8CVSS6.8AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-20684

Malware in sbrugna...

4.7CVSS5.3AI score0.0055EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-29160

Malware in sbrugna...

5.4CVSS5.5AI score0.00903EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-16814

Malware in sbrugna...

6.1CVSS7.7AI score0.01143EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-31050

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00451EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-9623

Malicious code in bioql PyPI...

4.6CVSS6.5AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-22334

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00281EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-51987

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00653EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-52725

Malicious code in bioql PyPI...

6.1CVSS4AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/24 12:23 a.m.11 views

CVE-2025-51863

Self Cross Site Scripting XSS vulnerability in ChatGPT Unli ChatGPTUnli.com thru 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file to the chat interface...

6.1CVSS6AI score0.00281EPSS
Exploits1References1
Rows per page
Query Builder