Lucene search
K

661 matches found

Nuclei
Nuclei
added 14 hours ago64 views

Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion

A directory traversal vulnerability in the JE Form Creator comjeformcr component for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the...

4.3CVSS6.2AI score0.06429EPSS
Exploits1References5
NVD
NVD
added 3 days ago7 views

CVE-2026-12141

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumtooltiptext' parameter in all versions up to, and including, 4.11.84 due to insufficient input sanitization and output escaping. This makes i...

4.9CVSS0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-12141 Premium Addons for Elementor <= 4.11.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'premium_tooltip_text' Parameter

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumtooltiptext' parameter in all versions up to, and including, 4.11.84 due to insufficient input sanitization and output escaping. This makes i...

4.9CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43142

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumtooltiptext' parameter in all versions up to, and including, 4.11.84 due to insufficient input sanitization and output escaping. This makes i...

4.9CVSS6.2AI score0.00193EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42863

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 4 days ago15 views

CVE-2026-13247

CVE-2026-13247 affects the WordPress plugin Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase (versions up to 5.5). The vulnerability is a stored cross-site scripting via the lgx_tooltip_position parameter caused by insufficient input sanitization and output escaping. Exploitation ...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-13247

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-13247 Logo Slider <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lgx_tooltip_position' Parameter

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/01 6:48 p.m.8 views

CVE-2026-14358 Stored XSS in Wikimedia Chart pie tooltip via Data:*.tab field title

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:48 p.m.22 views

CVE-2026-14358

The CVE-2026-14358 affects the Wikimedia Foundation MediaWiki Charts Extension and indicates a Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. Affected versions are before 1.43.9, 1.44.6, and 1.45.4. The vulnerability is described as a stored XS...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 6:48 p.m.36 views

CVE-2026-14358 Stored XSS in Wikimedia Chart pie tooltip via Data:*.tab field title

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 8:15 p.m.19 views

CVE-2026-47383

CVE-2026-47383 affects NocoDB prior to 2026.05.1, where an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The root cause is that write paths persisted the raw comment body with no server-side sa...

7.4CVSS5.9AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 3:20 p.m.32 views

CVE-2026-50178 Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:48 p.m.31 views

CVE-2026-45014 Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available...

5.3CVSS0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:48 p.m.23 views

CVE-2026-45014

ApostropheCMS (Node.js) is vulnerable to stored cross-site scripting in draft version tooltips via an unsanitized user display name. Affected: versions up to and including 4.29.0. Root cause: unsanitized displayName in draft tooltip output. Impact: potential stored XSS in admin/editor UI when ren...

5.3CVSS4.9AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:48 p.m.8 views

CVE-2026-45014 Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available...

5.3CVSS4.9AI score0.00286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.8 views

CVE-2026-8894

The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iwrtooltip shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the iwrtooltip shortcode handler — the...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 8:16 p.m.23 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 7:28 p.m.34 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:28 p.m.10 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder