Lucene search
+L

13 matches found

NVD
NVD
added 2026/07/01 10:16 p.m.6 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS0.00412EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 7:25 p.m.36 views

CVE-2026-32107

xrdp (open source RDP server) versions up to 0.10.5 are affected by a privilege drop handling flaw in the session execution component. The issue allows an authenticated local attacker to escalate to root and execute arbitrary code due to improper privilege management during privilege drop. An add...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/17 7:25 p.m.1 views

CVE-2026-32107 xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid fails

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

8.8CVSS7.6AI score0.00159EPSS
Exploits0References4
OSV
OSV
added 2025/11/07 10:15 p.m.9 views

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

4.1CVSS5.9AI score0.00264EPSS
Exploits2References2
CVE
CVE
added 2025/03/21 12:0 a.m.66 views

CVE-2025-30342

OpenSlides

6.1CVSS6.1AI score0.00238EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/19 2:22 p.m.8 views

CVE-2025-0598

A stored Cross-site Scripting XSS vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.1AI score0.00228EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2024/07/01 12:0 a.m.305 views

Microweber 2.0.15 - Stored XSS

Exploit Title: Stored XSS in Microweber Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://microweber.me/ Version: 2.0.15 Tested on: http://active.demo.microweber.me/ Vulnerability Description A Stored Cross-Site Scripting XSS vulnerability has been identified in Microweber version...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/18 12:0 a.m.262 views

Microweber 2.0.15 Cross Site Scripting

Exploit Title: Stored XSS in Microweber Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://microweber.me/ Version: 2.0.15 Tested on: http://active.demo.microweber.me/ Vulnerability Description A Stored Cross-Site Scripting XSS vulnerability has been identified in Microweber version...

7.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/01/10 1:2 p.m.4 views

CVE-2023-48254

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

5.3CVSS7.8AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.10 views

TerraMaster TOS 安全漏洞

TerraMaster TOS is a Linux-based operating system from China's TerraMaster, dedicated to the TerraMaster Cloud Storage NAS server. A security vulnerability exists in TerraMaster TOS 4.2.15 and earlier versions, which can be exploited by an attacker to execute a session for privilege escalation...

8.6AI score
Exploits3References1
Prion
Prion
added 2023/04/04 10:15 p.m.17 views

Cross site request forgery (csrf)

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...

6.8CVSS8.8AI score0.00557EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/10/14 4:15 p.m.4 views

CVE-2021-38344

The Brizy Page Builder plugin = 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizyupdateitem AJAX action and adding JavaScript to th...

5.4CVSS6.1AI score0.00609EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2021/10/14 3:56 p.m.13 views

CVE-2021-38344 Brizy <= 2.3.11 Authenticated Stored Cross-Site Scripting

The Brizy Page Builder plugin = 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizyupdateitem AJAX action and adding JavaScript to th...

6.4CVSS6.2AI score0.00609EPSS
Exploits1References1
Rows per page
Query Builder