Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/21 1:27 p.m.6 views

EUVD-2026-38159

Craft CMS 4.x = 4.0.0-RC1, = 5.0.0-RC1, 5.9.0-beta.1 contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization e.g., via the checkbox.twig template, which used label|raw . An authenticated administrator with...

4.8CVSS5.9AI score0.00183EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.3 views

CVE-2026-56381

Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other...

4.8CVSS5.8AI score0.00148EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.29 views

CVE-2026-56381 Craft CMS - Stored XSS via User Group Name in User Permissions Page

Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other...

4.8CVSS0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/11 2:56 p.m.6 views

Cross-site Scripting (XSS)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of user group names on the user permissions page. An attacker can execute arbitrary JavaScript code in the context of another user's browser...

4.8CVSS5.9AI score0.00148EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/14 7:42 a.m.5 views

CVE-2025-11672

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names...

6.9CVSS7AI score0.00347EPSS
Exploits0References1
NVD
NVD
added 2025/10/13 8:15 a.m.15 views

CVE-2025-11672

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names...

6.9CVSS0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/13 7:32 a.m.8 views

CVE-2025-11672 EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names...

6.9CVSS0.00347EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/13 7:32 a.m.4 views

CVE-2025-11672 EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names...

6.9CVSS6.7AI score0.00347EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.4 views

PT-2025-41772

Name of the Vulnerable Software and Affected Versions Uniweb/SoliPACS WebServer versions affected versions not specified Description The Uniweb/SoliPACS WebServer developed by EBM Technologies has a missing authentication control. This allows unauthenticated remote attackers to access a specific...

6.9CVSS6.7AI score0.00347EPSS
Exploits0References5
Rows per page
Query Builder