Lucene search
K

88 matches found

Nuclei
Nuclei
added yesterday95 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago23 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
NVD
NVD
added 5 days ago5 views

CVE-2026-59802

PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...

8.2CVSS0.00192EPSS
Exploits0References2
OSV
OSV
added 6 days ago6 views

GO-2026-5313 Hugo: XSS via text/html content files in github.com/gohugoio/hugo

Hugo: XSS via text/html content files in github.com/gohugoio/hugo...

6.1CVSS5.9AI score0.00187EPSS
Exploits0References3
CVE
CVE
added last week21 views

CVE-2026-50133

CVE-2026-50133 affects Hugo, a static site generator. The issue: before v0.162.0, content files mapped to text/html (e.g., HTML under /content or via adapters setting content.mediaType = "text/html") had their body emitted verbatim, enabling stored cross-site scripting if untrusted HTML content i...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/16 7:22 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 7:22 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 7:22 p.m.5 views

GHSA-C54G-XJWJ-8G82 Hugo: XSS via text/html content files

Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...

5.1CVSS5.1AI score0.00187EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/16 7:22 p.m.9 views

Hugo: XSS via text/html content files

Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...

6.1CVSS5.1AI score0.00187EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50156

Name of the Vulnerable Software and Affected Versions Hugo versions prior to 0.162.0 Description Hugo accepts content files in various markup formats. Files mapped to the text/html media type, such as .html files located under /content or pages generated by a content adapter where content.mediaTy...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References13
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS0.00315EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/25 7:18 p.m.26 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS0.00315EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.10 views

PT-2026-43108

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1 Description Remote image blocking is not honored for URLs pointing to local or private destinations. This issue can be triggered via a text/html email...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:47 p.m.8 views

CVE-2026-42554

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

5.3CVSS6AI score0.00212EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.6 views

Saleor Cross Site Scripting

Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform persistent cross site scripting attacks on dashboards and storefronts. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...

5.1AI score
Exploits0
Snyk
Snyk
added 2026/04/03 6:31 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the preview process. An attacker can execute arbitrary scripts in the context of the user's browser by convincing a victim to preview a specially crafted text/html attachment. Details Cross-site scripting or...

6.1CVSS6AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/04/03 5:16 a.m.6 views

CVE-2026-35539

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...

6.1CVSS0.00251EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:39 a.m.7 views

CVE-2026-35539

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...

6.1CVSS5.9AI score0.00251EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:34 p.m.2 views

CVE-2026-4364

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser session to return a...

5.4CVSS5.7AI score0.00092EPSS
Exploits0References2Affected Software4
EUVD
EUVD
added 2026/03/25 10:44 p.m.3 views

EUVD-2026-16019

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...

5.4CVSS6AI score0.00228EPSS
Exploits0References3
Rows per page
Query Builder