Lucene search
+L

13 matches found

cvelist
cvelist
added last week37 views

CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS0.0061EPSS
Exploits0References1
cve
cve
added last week9 views

CVE-2026-0279

PAN-OS 11.1.x before 11.1.16, 11.2.x before 11.2.13, and 12.1.x before 12.1.8 are affected by multiple cross-site scripting (XSS) flaws in the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal features, and Clientless VPN. An unauthenticated attacker can store or execut...

6.1CVSS5.4AI score0.0061EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.11 views

PT-2026-52196

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An issue exists in the Web IDE workbench where improper path validation allows an unauthenticated...

8CVSS6.1AI score0.00222EPSS
Exploits0References13
cvelist
cvelist
added 2026/05/26 3:51 p.m.42 views

CVE-2025-36148 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the...

5.4CVSS0.00193EPSS
Exploits0References1
nessus
nessus
added 2026/04/22 12:0 a.m.7 views

GitLab 18.10 < 18.10.4 / 18.11 < 18.11.1 (CVE-2026-5816)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript...

8.1CVSS6AI score0.00407EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/02/17 12:0 a.m.18 views

PT-2026-20245

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description The IBM Concert Z hub framework is susceptible to cross-site scripting. An unauthenticated attacker can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended...

6.1CVSS5AI score0.00162EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/15 10:32 p.m.5 views

CVE-2026-0601

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...

5.1CVSS6.6AI score0.00389EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25273

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00182EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/09/27 1:16 a.m.4 views

CVE-2025-36239 IBM Storage TS4500 Library cross-site scripting

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.1CVSS6.1AI score0.00197EPSS
Exploits0References1
github
github
added 2025/08/08 6:32 p.m.11 views

Liferay Portal Reflected XSS in blogs-web

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...

6.9CVSS5.7AI score0.00588EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2025/02/06 12:0 a.m.4 views

PT-2025-5864 · Ibm · Ibm Jazz For Service Management

Name of the Vulnerable Software and Affected Versions: IBM Jazz for Service Management versions 1.1.3 through 1.1.3.23 Description: This issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...

6.4CVSS6.8AI score0.00248EPSS
Exploits0References7
osv
osv
added 2021/10/08 4:15 p.m.3 views

CVE-2021-41565

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks...

6.1CVSS5.8AI score0.00722EPSS
Exploits0References1
redhatcve
redhatcve
added 2018/08/22 7:49 a.m.39 views

CVE-2018-1000225

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

9.6CVSS4.2AI score0.01262EPSS
Exploits0References2
Rows per page
Query Builder