Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33061

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References1
CVE
CVE
added 2026/03/24 7:18 p.m.14 views

CVE-2026-33331

CVE-2026-33331 affects orpc prior to version 1.13.9, exposing a stored XSS in the OpenAPI documentation generation. If an OpenAPI spec field (eg. info.description) is attacker-controlled, the rendered docs can break out of a JSON context and execute arbitrary JavaScript in a user’s browser. Red H...

8.2CVSS5.8AI score0.00288EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/20 8:16 a.m.12 views

CVE-2026-33061

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS0.00165EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 7:34 a.m.2 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:34 a.m.2 views

CVE-2026-33061

exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescape...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/20 7:34 a.m.5 views

EUVD-2026-13622

exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescape...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 7:34 a.m.21 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS0.00165EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 7:34 a.m.4 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References4
NVD
NVD
added 2026/03/20 2:16 a.m.5 views

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS0.0032EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/06 12:0 a.m.7 views

PT-2024-31552 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: alf.io versions prior to 2.0-M5 Description: The issue concerns an open source ticket reservation system for events. Prior to version 2.0-M5, the preloaded data as JSON is not escaped correctly. This allows an administrator or event admin to...

6.5CVSS7.2AI score0.00716EPSS
Exploits1References8
Rows per page
Query Builder