Lucene search
+L

6 matches found

NVD
NVD
added 2026/04/21 8:17 p.m.8 views

CVE-2026-40875

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboard's "Seen successful connections" login history renders the client IP from login logs without HTML escaping. Because the server trusts the X-Real-IP header as the source IP...

7CVSS0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/08 9:49 a.m.6 views

EUVD-2026-1478

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

6.1CVSS6.1AI score0.00243EPSS
Exploits1References4
OSV
OSV
added 2023/07/17 2:15 p.m.4 views

CVE-2023-1893

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators...

6.1CVSS7.1AI score0.00718EPSS
Exploits3References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.3 views

SUSE CVE-2017-5453

A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox 53...

4.3CVSS8.3AI score0.01097EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Steam Group Viewer plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in WordPre...

5.4CVSS5.4AI score0.0062EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2020/11/10 1:28 p.m.9 views

python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function

A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...

6.8CVSS5.8AI score0.02593EPSS
Exploits0References5
Rows per page
Query Builder