38 matches found

OSV
added 2026/06/03 9:6 p.m. | 7 views

GHSA-CH57-39Q2-4CRM malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names (longname, shortname) received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.3 CVSS | 6.1 AI score | 0.00174 EPSS
Exploits 0 | References 3
OSV
added 2026/05/11 6:24 p.m. | 3 views

MINI-CG44-C6X7-V55J

Bulletin has no description...

5.9 CVSS | 5.7 AI score | 0.0017 EPSS
Exploits 0
NVD
added 2026/05/10 1:16 p.m. | 38 views

CVE-2021-47951

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

6.4 CVSS | 0.00187 EPSS
Exploits 0 | References 3
CVE
added 2026/05/10 12:44 p.m. | 23 views

CVE-2021-47948

The CVE-2021-47948 entry concerns WordPress GetPaid Plugin 2.4.6 with an HTML-injection vulnerability. It allows authenticated attackers to inject arbitrary HTML via the Help Text field in payment forms, with the injected HTML stored in the database and executed in the browser when the form is vi...

5.4 CVSS | 6 AI score | 0.00169 EPSS
Exploits 0 | References 3
Cvelist
added 2026/05/10 12:44 p.m. | 51 views

CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4 CVSS | 0.00169 EPSS
Exploits 0 | References 3
Snyk
added 2026/04/08 7:15 p.m. | 3 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ajaxblackListpost process. An attacker can execute arbitrary JavaScript in the browser of other administrators by injecting malicious inpu...

4.8 CVSS | 5.8 AI score | 0.0023 EPSS
Exploits 1 | References 2
Vulnrichment
added 2026/04/07 7:49 p.m. | 3 views

CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)

Open Source Point of Sale is a web-based point-of-sale application written in PHP using the CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

5.4 CVSS | 6 AI score | 0.00162 EPSS
Exploits 1 | References 1
Snyk
added 2026/04/01 12:13 a.m. | 4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the form title input field. An attacker can execute arbitrary JavaScript code in the browser of users who view the affected page by injecting malicious scripts into the form title field, which are then store...

7.1 CVSS | 6 AI score | 0.00213 EPSS
Exploits 1 | References 3
OSV
added 2025/12/16 7:15 p.m. | 3 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

6.1 CVSS | 6 AI score
Exploits 0 | References 3
CVE
added 2025/12/16 12:0 a.m. | 9 views

CVE-2025-65592

CVE-2025-65592 affects nopCommerce 4.90.0. The vulnerability is a Cross Site Scripting (XSS) issue in the product management functionality, where malicious payloads entered into the Product Name and Short Description fields are stored in the backend database and then executed when affected pages ...

6.1 CVSS | 5.6 AI score | 0.00218 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/09/18 7:53 p.m. | 4 views

CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page

LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...

7.3 CVSS | 5.1 AI score | 0.00321 EPSS
Exploits 1 | References 4
Positive Technologies
added 2025/09/07 12:0 a.m. | 4 views

PT-2025-36405

Name of the Vulnerable Software and Affected Versions: IBM MQ LTS versions 9.1.0.0 through 9.1.0.29; IBM MQ LTS versions 9.2.0.0 through 9.2.0.36; IBM MQ LTS versions 9.3.0.0 through 9.3.0.30; IBM MQ LTS versions 9.4.0.0 through 9.4.0.12; IBM MQ CD versions 9.3.0.0 through 9.3.5.1; IBM MQ CD versions...

5.1 CVSS | 6.1 AI score | 0.00094 EPSS
Exploits 0 | References 6
RedHat Linux
added 2024/05/23 6:29 a.m. | 35 views

Important: Red Hat Security Advisory: OpenShift Virtualization 4.15.2 Images security update

Red Hat OpenShift Virtualization release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...

7.5 CVSS | 7 AI score | 0.91969 EPSS
Exploits 3 | References 20
Github Security Blog
added 2024/01/03 9:48 p.m. | 22 views

PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)

Impact: The isCleanHtml method is not used on this form, which makes it possible to store an XSS in DB. The impact is low because the HTML is not interpreted in BO, thanks to Twig's escape mechanism. In FO, the XSS is effective, but only impacts the customer sending it, or the customer sessio...

6.1 CVSS | 7 AI score | 0.00389 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2023/10/26 1:10 p.m. | 23 views

CVE-2023-41096 Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...

6.8 CVSS | 6.8 AI score | 0.00107 EPSS
Exploits 0 | References 1
Vulnrichment
added 2023/10/26 1:10 p.m. | 18 views

CVE-2023-41096 Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...

6.8 CVSS | 6.4 AI score | 0.00107 EPSS
Exploits 0 | References 1
Vulnrichment
added 2023/10/26 1:10 p.m. | 11 views

CVE-2023-41095 Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...

6.8 CVSS | 8 AI score | 0.00206 EPSS
Exploits 0 | References 1
Cvelist
added 2023/10/26 1:10 p.m. | 23 views

CVE-2023-41095 Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...

6.8 CVSS | 9.4 AI score | 0.00206 EPSS
Exploits 0 | References 1
OSV
added 2023/09/27 11:15 p.m. | 3 views

CVE-2023-43191

In SpringbootCMS 1.0, malicious code can be embedded in a foreground message and saved in the database. When users browse the comments, the malicious code embedded in the HTML is executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...

5.4 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits 1 | References 1
CNNVD
added 2023/09/05 12:0 a.m. | 5 views

Cacti Cross-Site Scripting Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a cross-site scripting vulnerability that originates fro...

6.1 CVSS | 6.2 AI score | 0.00713 EPSS
Exploits 1 | References 7