Lucene search
K

8 matches found

OSV
OSV
added 2026/04/07 8:43 a.m.5 views

BIT-DISCOURSE-2026-32243 Discourse: Stored XSS in discourse-ai shared conversations onebox

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted conversation titles. This payload would execute in the...

6.1CVSS5.9AI score0.00169EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/23 11:29 p.m.10 views

CVE-2023-53978

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement titl...

5.4CVSS6.1AI score0.00198EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/07/08 12:0 a.m.88 views

📄 bludit 3.16.2 Directory Traversal

bludit version 3.16.2 suffers from a directory traversal vulnerability. Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Directory Traversal "Site Title" 1: Step...

7.3AI score
Exploits0
GithubExploit
GithubExploit
added 2024/09/06 6:16 a.m.86 views

Exploit for Cross-site Scripting in Martinbarker Rendertune

RenderTune RCE A Proof-Of-Concept for CVE-2024-25292 vulnerab...

9.6CVSS9.1AI score0.01485EPSS
Exploits2
OSV
OSV
added 2023/10/06 11:15 a.m.4 views

CVE-2023-44758

GDidees CMS 3.0 is affected by a Cross-Site Scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title...

5.4CVSS6.1AI score0.00476EPSS
Exploits1References1
OSV
OSV
added 2023/09/07 7:15 p.m.9 views

CVE-2023-37798

A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...

5.4CVSS5.9AI score0.00346EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/27 12:0 a.m.3 views

Notable 安全漏洞

Notable is a Markdown-based note-taking software with cross-platform support from the individual developers of Notable. A security vulnerability exists in Notable version 1.8.4, which stems from unfiltered text editing and allows an attacker to execute arbitrary code via a crafted payload injecte...

9.8CVSS8.8AI score0.01582EPSS
Exploits1References2
wpexploit
wpexploit
added 2021/05/12 12:0 a.m.98 views

Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title

The plugin did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117 Creat...

6.1CVSS1.4AI score0.04609EPSS
Exploits6
Rows per page
Query Builder