Lucene search
K

4 matches found

Patchstack
Patchstack
added 2026/05/11 7:40 p.m.11 views

NPM: Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

NPM: Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in JSONPathBuilder.key / .at vulnerability discovered by ? in WordPress Npm kysely versions = 0.26.0, 0.28.17...

5.8AI score0.00362EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/11/06 5:15 p.m.4 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS0.00323EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/06 12:0 a.m.9 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

0.00323EPSS
Exploits1References2
OSV
OSV
added 2025/11/06 12:0 a.m.4 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS6.2AI score0.00323EPSS
Exploits1References4
Rows per page
Query Builder