Lucene search
K

1043 matches found

EUVD
EUVD
added 2026/04/06 6:33 p.m.4 views

EUVD-2026-19275

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

4.8CVSS6AI score0.00181EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/06 6:33 p.m.3 views

Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

4.8CVSS6AI score0.00181EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/06 4:10 p.m.1 views

Cross-site Scripting (XSS)

Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the creation/editing process via the Title parameter. An attacker can execute arbitrary web scripts or HTML by injecting a crafted payload. Details Cross-site...

6.9CVSS6AI score0.00181EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/06 12:0 a.m.4 views

CVE-2026-31351

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

6AI score0.00181EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30652

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

6AI score0.00181EPSS
Exploits1References3
CVE
CVE
added 2026/04/06 12:0 a.m.8 views

CVE-2026-31351

The CVE-2026-31351 entry describes an authenticated stored XSS vulnerability in Feehi CMS v2.1.1, exploitable via crafting payloads in the Title field during creation/editing. The issue is confirmed across multiple connected sources (RH Red Hat, EUVD ENISA, GHSA advisories, NVD/NVD-linked records...

4.8CVSS6AI score0.00181EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/05 5:16 p.m.3 views

CVE-2026-5580

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS0.00257EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/04 12:31 p.m.9 views

EUVD-2026-18995

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/04 11:16 a.m.1 views

CVE-2026-2936

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 2026/04/04 11:16 a.m.32 views

CVE-2026-2936

The CVE concerns the WordPress plugin Visitor Traffic Real Time Statistics, affected up to version 8.4. It is vulnerable to Stored Cross-Site Scripting via the page_title parameter due to insufficient input sanitization and output escaping. The vulnerability allows unauthenticated attackers to in...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/04 11:16 a.m.4 views

CVE-2026-2936 Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.3 views

PT-2026-30345

Name of the Vulnerable Software and Affected Versions Visitor Traffic Real Time Statistics plugin for WordPress versions up to and including 8.4 Description The Visitor Traffic Real Time Statistics plugin for WordPress is susceptible to Stored Cross-Site Scripting through the page title parameter...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/26 6:15 p.m.5 views

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the fixCleanTitle function. An attacker can access sensitive database information by injecting crafted input into the cleantitle or id parameters...

9.8CVSS6AI score0.00492EPSS
Exploits1References2
OSV
OSV
added 2026/03/25 10:44 p.m.3 views

CVE-2026-33911 OpenEMR vulnerable to reflected XSS in graphs.php via title parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...

5.4CVSS6AI score0.00228EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/25 10:44 p.m.22 views

CVE-2026-33911 OpenEMR vulnerable to reflected XSS in graphs.php via title parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...

5.4CVSS0.00228EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 10:44 p.m.5 views

CVE-2026-33911 OpenEMR vulnerable to reflected XSS in graphs.php via title parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...

5.4CVSS6AI score0.00228EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 10:44 p.m.15 views

CVE-2026-33911

CVE-2026-33911 : OpenEMR prior to 8.0.0.3 is vulnerable to a reflected XSS via the POST parameter title in graphs.php. The parameter is echoed back inside a JSON response built with json_encode(), but served with content-type text/html, causing the browser to execute injected HTML/script instead ...

5.4CVSS6AI score0.00228EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/24 12:16 a.m.11 views

CVE-2026-4616

CVE-2026-4616 affects bolo-blog 2.6.4, specifically the Article Title Handler component in /console/article/. The vulnerability arises from manipulating the articleTitle argument, enabling cross-site scripting. Exploitation is remote and an exploit has been publicly released; the project was info...

4.8CVSS4.3AI score0.00274EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.7 views

bolo-solo 代码注入漏洞

Bolo-Solo is a blog system developed under the open source Bolo-Blog project. Version 2.6.4 of Bolo-Solo contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter articleTitle in the file /console/article/. It may lead to cross-site scripting attac...

4.8CVSS5.7AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.9 views

PT-2026-26825

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet title' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Rows per page
Query Builder