Lucene search

26 matches found

RedhatCVE
added 2026/05/11 8:26 p.m. | 9 views

CVE-2021-47931

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4 CVSS | 5.9 AI score | 0.00213 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/11 3:30 a.m. | 19 views

CVE-2025-11859

CVE-2025-11859 affects the WordPress plugin Paypal Donation Shortcode (versions

6.4 CVSS | 4.8 AI score | 0.00161 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-30762

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.01582 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-46381

Malicious code in bioql PyPI...

5.4 CVSS | 5.8 AI score | 0.00485 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/23 7:31 a.m. | 9 views

CVE-2024-25876

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

6.1 CVSS | 5.7 AI score | 0.00443 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 1:15 a.m. | 23 views

CVE-2022-41431

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

5.4 CVSS | 6 AI score | 0.00628 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:33 p.m. | 8 views

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

9.8 CVSS | 7.8 AI score | 0.01582 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2024/02/22 3:30 p.m. | 19 views

Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

6.1 CVSS | 5.7 AI score | 0.00443 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2024/02/22 2:15 p.m. | 27 views

CVE-2024-25876

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

6.1 CVSS | 5.5 AI score | 0.00443 EPSS
Exploits: 1 | References: 2
OSV
added 2024/02/22 2:15 p.m. | 6 views

CVE-2024-25876

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

6.1 CVSS | 5.9 AI score
Exploits: 0 | References: 2
Cvelist
added 2024/02/22 12:0 a.m. | 34 views

CVE-2024-25876

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

5.7 AI score | 0.00443 EPSS
Exploits: 1 | References: 2
OSV
added 2024/01/18 10:15 p.m. | 4 views

CVE-2023-43824

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code...

7.8 CVSS | 6.3 AI score
Exploits: 0 | References: 1
OSV
added 2022/10/17 9:15 p.m. | 11 views

CVE-2022-41431

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

5.4 CVSS | 6 AI score
Exploits: 0 | References: 4
wpexploit
added 2022/06/06 12:0 a.m. | 208 views

NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). Create/edit a gallery with at least one image, pu...

4.8 CVSS | 4.7 AI score | 0.00552 EPSS
Exploits: 2
Prion
added 2022/03/27 12:15 a.m. | 10 views

Code injection

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

7.5 CVSS | 9.5 AI score | 0.01582 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/26 11:18 p.m. | 14 views

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

9.8 AI score | 0.01582 EPSS
Exploits: 1 | References: 1
OSV
added 2021/06/17 4:15 p.m. | 5 views

CVE-2020-19202

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...

5.4 CVSS | 5.9 AI score | 0.00573 EPSS
Exploits: 1 | References: 2
0day.today
added 2019/12/17 12:0 a.m. | 229 views

Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability

Exploit for windows platform in category web applications. Issue: Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability; CVE: CVE-2019-13182; Security researcher: Richard Tan @ The Missing Link Security; Product name: Serv-U FTP Server; Product version: Tested on 15.1.7; Fixed in: Serv...

5.8 AI score | 0.06397 EPSS
Exploits: 2
OSV
added 2019/02/05 6:29 p.m. | 2 views

CVE-2019-7413

In the Parallax Scroll aka adamrob-parallax-scroll plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. "parallax" has a spelling change within the PHP filename...

6.1 CVSS | 6.3 AI score | 0.00932 EPSS
Exploits: 0 | References: 2
Cvelist
added 2019/02/05 6:0 p.m. | 16 views

CVE-2019-7413

In the Parallax Scroll aka adamrob-parallax-scroll plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. "parallax" has a spelling change within the PHP filename...

6.1 AI score | 0.00932 EPSS
Exploits: 0 | References: 2