Lucene search
K

154 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.4 views

CVE-2015-20119

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

5.7AI score0.00207EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/20 11:26 a.m.6 views

CVE-2026-2486

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 8:38 a.m.28 views

CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

5.1CVSS0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:38 a.m.6 views

CVE-2026-2735

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

5.1CVSS5.5AI score0.00177EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2026/02/11 12:0 a.m.6 views

Huawei HarmonyOS OS Command Injection Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS 0.1.0 version exists operating system command injection vulnerability, the vulnerability stems from the function inputtext parameter text...

8.8CVSS6.6AI score0.15052EPSS
Exploits1
CVE
CVE
added 2026/01/23 4:47 p.m.12 views

CVE-2021-47906

CVE-2021-47906 affects BloofoxCMS 0.5.2.1, with a stored cross-site scripting (XSS) vulnerability in the articles text parameter. The root cause is unfiltered user input in the text field, allowing authenticated attackers to inject JavaScript payloads that can execute in other users’ browsers and...

6.4CVSS5.2AI score0.00197EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/23 4:47 p.m.36 views

CVE-2021-47906 BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...

6.4CVSS0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.9 views

PT-2026-4519

Name of the Vulnerable Software and Affected Versions BloofoxCMS version 0.5.2.1 Description BloofoxCMS contains a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through the text parameter in the articles section. This allows for the execution of scripts a...

6.4CVSS5AI score0.00197EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/21 12:0 a.m.11 views

PT-2025-52572

Name of the Vulnerable Software and Affected Versions WishSuite versions up to and including 1.5.1 Description The WishSuite plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the 'button text' parameter of the...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.5 views

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

6.1CVSS6.8AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 7:16 p.m.6 views

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

6.1CVSS0.00184EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.9 views

PT-2025-51274

Name of the Vulnerable Software and Affected Versions MicroStudio version 24.01.29 Description A HTML Injection issue exists in the comment section of the project page. This allows remote attackers to inject arbitrary web script or HTML through the text parameter of the add project comment...

6.1CVSS6.6AI score0.00184EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.3 views

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

6.5AI score0.00184EPSS
Exploits0References2
CVE
CVE
added 2025/12/15 12:0 a.m.9 views

CVE-2025-51962

CVE-2025-51962 describes an HTML Injection in MicroStudio 24.01.29’s project page comments. The vulnerability arises in the add_project_comment function, allowing remote attackers to inject arbitrary scripts/HTML via the text parameter. CVSSv3.1 base score 6.1 (Medium) with NETWORK attack vector,...

6.1CVSS6.5AI score0.00184EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/15 12:0 a.m.4 views

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

6.1CVSS6.7AI score0.00184EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/13 3:20 a.m.23 views

CVE-2025-14477 404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter

The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the filterText paramet...

4.9CVSS0.00308EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49866

Name of the Vulnerable Software and Affected Versions Social Reviews & Recommendations plugin for WordPress versions prior to 2.6 Description The Social Reviews & Recommendations plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and...

7.2CVSS6AI score0.00327EPSS
Exploits0References9
EUVD
EUVD
added 2025/12/06 6:30 a.m.6 views

EUVD-2025-201518

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS4.6AI score0.00205EPSS
Exploits0References4
NVD
NVD
added 2025/12/06 6:15 a.m.4 views

CVE-2025-13857

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00205EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.7 views

PT-2025-49347

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00205EPSS
Exploits0References4
Rows per page
Query Builder