10 matches found

RedhatCVE
added 2026/06/19 3:59 a.m., 9 views

CVE-2026-12048

A flaw was found in pgAdmin 4. This stored cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary HTML into the pgAdmin user interface. This occurs when text returned by a PostgreSQL server, such as error messages or object names, is not properly sanitized. An attacke...

9.3 CVSS, 5.3 AI score, 0.0021 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/06/05 12:9 a.m., 10 views

CVE-2025-65640

Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript cod...

6.3 CVSS, 6.1 AI score, 0.00216 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/06/04 12:0 a.m., 11 views

CVE-2025-65640

Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript cod...

6.1 AI score, 0.00216 EPSS
Exploits: 0, References: 2
Snyk
added 2026/01/14 4:53 p.m., 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:html2pdf.js is a Client-side HTML-to-PDF rendering using pure JS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the html2pdf function when processing unsanitized text not element sources. An attacker can execute arbitrary scripts in the...

8.7 CVSS, 5.4 AI score, 0.00324 EPSS
Exploits: 1, References: 2
Snyk
added 2025/01/27 10:0 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) at the /admin/compass endpoint, which passes data from GET requests to the index function. This function can return unsanitized text in error message popups when it receives a file deletion request. As a result,...

6.1 CVSS, 5.3 AI score, 0.24095 EPSS
Exploits: 1, References: 2
OSV
added 2023/05/31 1:18 p.m., 6 views

DRUPAL-CONTRIB-2023-017

The Consent Popup provides a configurable popup that requires acceptance of a question before the visitor can continue, typically used for age consent. The module doesn't sufficiently sanitize the text on the block, leading to a cross site scripting (XSS) vulnerability. This vulnerability is...

5.9 AI score
Exploits: 0, References: 1
OSV
added 2022/08/22 3:15 p.m., 2 views

CVE-2022-0446

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS, 5.8 AI score, 0.00444 EPSS
Exploits: 1, References: 1
Prion
added 2021/05/12 3:15 p.m., 11 views

Hardcoded credentials

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...

7.5 CVSS, 9.3 AI score, 0.33442 EPSS
Exploits: 1, References: 2, Affected Software: 1
RedHat Linux
added 2018/03/26 9:39 a.m., 5 views

rubygems: Escape sequence in the "summary" field of gemspec

A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...

9.8 CVSS, 7.3 AI score, 0.1081 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2017/12/19 8:37 a.m., 5 views

rubygems: Escape sequence in the "summary" field of gemspec

A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...

9.8 CVSS, 7.3 AI score, 0.1081 EPSS
Exploits: 1, References: 5