Lucene search
K

15 matches found

CVE
CVE
added 2026/06/26 1:11 a.m.12 views

CVE-2026-50742

CVE-2026-50742 describes a stored XSS in Revive Adserver 6.0.7, occurring in the maintenance tools, specifically in the files maintenance-acl-check.php and maintenance-banners-check.php . The root cause is that entity names are displayed without proper escaping when inconsistencies are detected, ...

5.4CVSS5.8AI score0.00199EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/14 6:13 p.m.6 views

EUVD-2026-30356

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...

9CVSS5.8AI score0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 2:26 p.m.1 views

CVE-2026-35460 Papra has an HTML Injection in Transactional Emails via Unescaped User Display Name

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...

4.3CVSS5.9AI score0.00192EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 2:26 p.m.5 views

EUVD-2026-19653

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...

4.3CVSS5.9AI score0.00192EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 2:26 p.m.17 views

CVE-2026-35460

Papra (document management platform) is affected by an HTML injection in transactional emails prior to version 26.4.0, where user.display name is interpolated into email HTML without escaping. An attacker registering with a display name containing HTML could inject tags into verification and pass...

5.4CVSS5.9AI score0.00192EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/31 5:40 p.m.7 views

EUVD-2026-17552

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

2.1CVSS5.8AI score0.00167EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/11 5:29 p.m.4 views

SUSE CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS6AI score0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/06 3:52 p.m.4 views

CVE-2025-13523 Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.8AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 3:52 p.m.17 views

CVE-2025-13523

CVE-2025-13523 affects Mattermost Confluence plugin versions prior to 1.7.0. The root cause is improper escaping of user-controlled display names during HTML template rendering. This allows authenticated Confluence users with malicious display names to trigger arbitrary JavaScript execution in a ...

7.7CVSS5.8AI score0.00189EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3290

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00688EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.3 views

WordPress plugin WP Popups 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.3 views

Jenkins 跨站脚本漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins versions 2.340 through 2.355 contain a cross-site scripting vulnerability that stems from the tooling of the build...

5.4CVSS5.9AI score0.01361EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:28 p.m.31 views

Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name

Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Pipeline Maven Integration Plugin 3.9.3 escap...

5.4CVSS5AI score0.00735EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/28 5:18 p.m.153 views

Cross-site scripting

Two kinds of XSS were found: 1. As mentioned in https://github.com/mongo-express/mongo-express/issues/577 when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2. Data cells identified as med...

8.1CVSS6.2AI score0.0157EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2019/12/17 12:0 a.m.9 views

PT-2019-14718 · Jenkins · Jenkins Mission Control Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mission Control Plugin versions 0.9.16 and earlier Description: The issue concerns a stored XSS vulnerability. It occurs because the plugin does not properly escape job display names and build names shown on its view. This can be...

5.4CVSS5.1AI score0.00688EPSS
Exploits0References4
Rows per page
Query Builder