Lucene search
K

320 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:21 p.m.11 views

CVE-2020-25270

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City...

5.4CVSS5.8AI score0.03185EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.9 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.01325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:23 a.m.8 views

CVE-2019-0385

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.5CVSS6AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 a.m.9 views

CVE-2019-0326

SAP BusinessObjects Business Intelligence Platform BI Workspace Enterprise, versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.01325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:38 a.m.6 views

CVE-2010-4500

Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY MCG FreeTicket 1.0.0, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 name, 2 email, 3 subject, and 4 message parameters in a sendmess action. NOTE: the provenance of this...

6.8CVSS8.7AI score0.00917EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 a.m.6 views

CVE-2019-0376

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

5.4CVSS6.4AI score0.00526EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/19 1:25 a.m.4 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS6.8AI score0.00763EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/15 12:10 a.m.18 views

CVE-2025-26662

The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim�s browser. This...

4.4CVSS7AI score0.0017EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/13 9:0 p.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the SignTraits::DeriveBits function, which incorrectly invokes ThrowException based on user inputs when executing in a background thread. This allows an attacker to trigger a runtime crash. Note: The cryptographic...

8.7CVSS8AI score0.00763EPSS
Exploits0References2
NVD
NVD
added 2025/05/13 1:15 a.m.13 views

CVE-2025-26662

The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim�s browser. This...

4.4CVSS0.0017EPSS
Exploits0References2
CVE
CVE
added 2025/05/13 12:9 a.m.63 views

CVE-2025-26662

CVE-2025-26662 describes a Cross-Site Scripting vulnerability in the SAP Data Services Management Console caused by insufficient encoding of user-controlled input. If a logged-in user clicks a crafted link, injected script executes in the victim’s browser, potentially impacting confidentiality an...

4.4CVSS4.8AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.9 views

PT-2025-20804 · Sap Se · Sap Data Services Management Console

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns insufficient encoding of user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on a compromised...

4.4CVSS6.2AI score0.0017EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/08 7:10 a.m.16 views

CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...

4.7CVSS0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.6 views

PT-2025-15364 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It occurs because the software does not properly encode user-controlled inputs, allowi...

4.7CVSS5.1AI score0.00209EPSS
Exploits0References8
NVD
NVD
added 2025/04/07 3:15 p.m.26 views

CVE-2025-31138

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

6.6CVSS0.00233EPSS
Exploits0References2
OSV
OSV
added 2025/04/07 2:44 p.m.13 views

CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

5.5CVSS6.6AI score0.00233EPSS
Exploits0References4
CVE
CVE
added 2025/03/11 12:36 a.m.55 views

CVE-2025-26659

CVE-2025-26659 – SAP NetWeaver ABAP (WebGUI) is a DOM-based XSS vulnerability caused by insufficient encoding of user-controlled inputs in the SAP NetWeaver Application Server ABAP. The flaw allows an attacker with no privileges to craft a malicious web message that executes JavaScript in the vic...

6.1CVSS6.2AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/22 4:21 a.m.17 views

CVE-2024-12038 Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyformsnav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input...

6.4CVSS0.00227EPSS
Exploits0References2
CVE
CVE
added 2025/02/19 11:10 a.m.45 views

CVE-2024-13534

CVE-2024-13534 affects the WordPress plugin “Small Package Quotes – Worldwide Express Edition.” The issue is an unauthenticated SQL Injection via the edit_id and dropship_edit_id parameters in all versions up to and including 5.2.18, stemming from insufficient escaping and inadequate preparation ...

7.5CVSS7.2AI score0.00436EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 5:20 a.m.12 views

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries...

9.8CVSS8.2AI score0.00524EPSS
Exploits1References1
Rows per page
Query Builder