Lucene search
K

9 matches found

Snyk
Snyk
added 2026/05/18 9:45 a.m.10 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the error page composition process. An attacker can execute arbitrary JavaScript code in the context of affected users by injecting malicious content into unescaped variables when editing certain site...

5.1CVSS5.8AI score0.00143EPSS
Exploits0References2
CVE
CVE
added 2026/05/18 6:58 a.m.24 views

CVE-2026-3495

CVE-2026-3495 affects Mattermost versions 11.5.x up to 11.5.1 and 10.11.x up to 10.11.13. The root cause is failure to escape certain variables during error page composition, enabling an attacker with access to edit site configuration to inject JavaScript and execute malicious code. The connected...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/18 6:58 a.m.48 views

CVE-2026-3495 Unescaped variables during error page composition

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

3.8CVSS0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:58 a.m.13 views

CVE-2026-3495 Unescaped variables during error page composition

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

3.8CVSS5.9AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 7:36 p.m.5 views

GHSA-JHGF-2H8H-GGXV Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables

Impact A Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. Patches The patch escapes user controlled values that are inserted into the HTML pages. Workarounds None. Resources -...

5.3CVSS5.8AI score0.00183EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17333

Malware in sbrugna...

8.8CVSS8.7AI score0.01496EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 a.m.5 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

5.4CVSS6.1AI score0.00688EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:17 p.m.4 views

DEBIAN-CVE-2024-29894

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raisemessagejavascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...

4.7CVSS8.2AI score0.00897EPSS
Exploits1References1
OSV
OSV
added 2019/09/12 2:15 p.m.6 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

5.4CVSS6AI score
Exploits0References2
Rows per page
Query Builder