Lucene search
K

74 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-0279

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS5.4AI score0.01172EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:0 a.m.6 views

CVE-2026-11766

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS6AI score0.00247EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/07 12:0 a.m.3 views

Endian Firewall name parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00168EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.5 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which originates from improperly cleaning up the input of the remark parameter in /cgi-bin/routing.cgi, and can be exploited by an attacker to...

6.4CVSS5AI score0.00172EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.5 views

Endian Firewall ADDRESS BCC Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall ADDRESS BCC parameter, which originates from improper handling of the ADDRESS BCC parameter in /cgi-bin/smtprouting.cgi, and can be exploited by an attacker to...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.6 views

Endian Firewall group parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall group parameter, which stems from improper handling of the group parameter in /cgi-bin/proxygroup.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.8 views

Endian Firewall domain parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall domain parameter, which originates from improper handling of the domain parameter in /manage/smtpscan/domainrouting/, and can be exploited by an attacker to inject...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.4 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18402)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/zonefw.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.9 views

Endian Firewall REMARK Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00179EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.5 views

Endian Firewall user parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall user parameter, which stems from improper handling of the user parameter in /cgi-bin/proxyuser.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00173EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34817

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall ADDRESS BCC parameter, which originates from improper handling of the ADDRESS BCC parameter in /cgi-bin/smtprouting.cgi, and can be exploited by an attacker to...

6.4CVSS5.7AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.5 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall group parameter, which stems from improper handling of the group parameter in /cgi-bin/proxygroup.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5.7AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/vpnfw.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5.7AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/dnsmasq/localdomains/, and can be exploited by an attacker to inject...

6.4CVSS5.7AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...

6.4CVSS5.7AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...

6.4CVSS5.7AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 9:27 p.m.24 views

CVE-2026-34566 CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

9.1CVSS0.00269EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2015-20115

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

5.9AI score0.00267EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.12 views

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

9.3CVSS6AI score0.00286EPSS
Exploits1References16
Rows per page
Query Builder