Lucene search
K

192 matches found

CNNVD
CNNVD
added 2026/02/11 12:0 a.m.11 views

Mealie 安全漏洞

Mealie is a self-hosted recipe manager and meal planner developed by Hayden from the United States. Version 3.3.1 of Mealie contains a security vulnerability, which stems from a storage-type HTML injection in the Recipe Notes rendering component, potentially leading to user interface spoofing...

5.4CVSS5.8AI score0.0023EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

WordPress plugin Name Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

7.2CVSS5.7AI score0.00256EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.8 views

WordPress plugin Bold Page Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

WordPress plugin Orange Confort+ 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

OrcaStatLLM Researcher 跨站脚本漏洞

OrcaStatLLM Researcher is an open-source research paper generator based on large models, developed by AlgoNet Lab. OrcaStatLLM Researcher has a cross-site scripting vulnerability. This vulnerability arises from improper handling of malicious research topic inputs in the log messages of the sessio...

5.4CVSS5.6AI score0.00163EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

lute 跨站脚本漏洞

Lute is a structured Markdown engine developed by D individual. Versions of Lute 1.7.6 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the Markdown rendering engine’s storage-based cross-site scripting feature, which could allow malicious JavaScript to be...

5.4CVSS5.6AI score0.00204EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.11 views

Millhouse-Project 跨站脚本漏洞

Millhouse-Project is a blog page developed by Thérèse Scott Rossi as an individual project. Version 1.414 of Millhouse-Project has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting feature in the comment submission function, which may allow...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.7 views

WordPress plugin Robin Image Optimizer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Karel Electronics ViPort 跨站脚本漏洞

Karel Electronics ViPort is an IP video phone terminal produced by the Turkish company Karel Electronics. Versions of Karel Electronics ViPort from 23012026 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, and...

8.8CVSS5.7AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.9 views

Apidog Web Platform 跨站脚本漏洞

The Apidog Web Platform is an interface calling tool provided by the Apidog company. Version 2.7.15 of the Apidog Web Platform contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of SVG image uploads during cleanup, and it may lead to storage-based...

5.1CVSS5.6AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

Movable Type 跨站脚本漏洞

Movable Type is a content management system developed by Movable Type Inc. Movable Type has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting vulnerability present in exported sites. This vulnerability may allow arbitrary scripts to be executed on the web...

5.4CVSS6.2AI score0.00208EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

LUNA software 跨站脚本漏洞

LUNA software is a digital audio workstation developed by the British company LUNA. Version 7.5.5.6 of LUNA software contains a cross-site scripting vulnerability. This vulnerability stems from the improper handling of user input in the Edit Batch Name function, which may lead to storage-based...

5.1CVSS5.6AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.6 views

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability arises due to the transport category names and descriptions being...

6.2CVSS6.5AI score0.00261EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability stems from the address line 1 field in the inventory location not bei...

6.1CVSS7AI score0.00261EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

Zendesk SweetHawk Survey 跨站脚本漏洞

Zendesk SweetHawk Survey is a satisfaction survey plugin developed by Zendesk, a Japanese company. Version 1.6 of Zendesk SweetHawk Survey contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting issue in the ticket submission feature, whic...

6.4CVSS5.8AI score0.00239EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.8 views

Talishar 跨站脚本漏洞

Talishar is an open-source game client developed by Talishar. Talishar has a cross-site scripting vulnerability, which stems from the lack of cleaning and escaping of the playerID parameter. This vulnerability may lead to storage-based cross-site scripting attacks...

5.3CVSS5.6AI score0.00251EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/01 12:0 a.m.10 views

WordPress plugin Stripe Green Downloads 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00391EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.10 views

Dolibarr cross-site scripting vulnerabilities

Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities of user organizations. Version Dolibarr 11.0.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the host, slave, and port parameters in LDAP...

6.4CVSS5.7AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.7 views

forma.lms cross-site scripting vulnerability

forma.lms is an open-source, web-based online learning platform developed by individual developers. Version 2.3.0.2 of forma.lms contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of inputs for course code, name, description fields, and email parameter...

6.4CVSS5.6AI score0.00252EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

Sellacious eCommerce cross-site scripting vulnerability

Sellacious eCommerce is an e-commerce platform software developed by the Sellacious company. Version 4.6 of Sellacious eCommerce contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of input fields such as names, companies, and addresses in the Manage Yo...

6.4CVSS5.6AI score0.00252EPSS
Exploits0References5
Rows per page
Query Builder