Lucene search

5 matches found

ATTACKERKB
added 2026/05/14 7:52 p.m. | 6 views

CVE-2026-8539

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: High...

CVSS 5.4 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/06 6:12 p.m. | 17 views

CVE-2026-7939

CVE-2026-7939 affects Google Chrome’s SanitizerAPI: an inappropriate implementation allows UXSS via a crafted HTML page, prior to Chrome 148.0.7778.96. Remote script/HTML injection is possible. Remediation is to upgrade to Chrome 148.0.7778.96 or later (as per Chrome stable release notes and Debi...

CVSS 5.4 | AI score 6 | EPSS 0.00165
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/08/10 12:15 a.m. | 12 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

CVSS 8.8 | AI score 5.6 | EPSS 0.00238
Exploits: 0 | References: 1
Cvelist
added 2025/06/17 6:00 a.m. | 24 views

CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS

The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

EPSS 0.00218
Exploits: 1 | References: 1
Cvelist
added 2022/10/31 12:00 a.m. | 16 views

CVE-2022-3420 Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS

The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...

AI score 5.1 | EPSS 0.0047
Exploits: 2 | References: 1