Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago2 views

Mozilla Thunderbird < 140.12.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-64 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content,...

6.5CVSS6.2AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 3:16 p.m.8 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6.1CVSS5.7AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.5 views

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...

8CVSS5.5AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-26596

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

6.1CVSS5.9AI score0.00681EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-1492

Malware in sbrugna...

5.4CVSS5.5AI score0.00498EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-31151

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00681EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/25 5:32 a.m.5 views

CVE-2025-43765

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject...

6.9CVSS6.3AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 12:15 p.m.5 views

CVE-2025-43742

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...

6.9CVSS0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.8 views

CVE-2017-1000223

A stored web content injection vulnerability WCI, a.k.a XSS is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an...

5.4CVSS7.1AI score0.00498EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/04/26 12:0 a.m.6 views

Liferay Portal and Liferay DXP allows arbitrary injection via web content template names

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page before 5.0.15 in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script ...

6.1CVSS6AI score0.00681EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/04/26 12:0 a.m.4 views

GHSA-W7F2-6896-6MM2 Liferay Portal and Liferay DXP allows arbitrary injection via web content template names

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page before 5.0.15 in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script ...

6.1CVSS6AI score0.00681EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/01/19 9:15 p.m.4 views

CVE-2021-3816

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group via "Copy" method at usergroupadmin.php...

5.4CVSS6.2AI score0.00533EPSS
Exploits0References2
Prion
Prion
added 2017/11/17 5:29 a.m.13 views

Design/Logic Flaw

A stored web content injection vulnerability WCI, a.k.a XSS is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an...

3.5CVSS5.8AI score0.00498EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/11/17 5:29 a.m.13 views

CVE-2017-1000223

A stored web content injection vulnerability WCI, a.k.a XSS is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an...

5.4CVSS7.1AI score
Exploits0References1
CVE
CVE
added 2017/11/17 5:0 a.m.54 views

CVE-2017-1000223

MODX Revolution CMS

5.4CVSS5.7AI score0.00498EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/11/17 5:0 a.m.21 views

CVE-2017-1000223

A stored web content injection vulnerability WCI, a.k.a XSS is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an...

5.8AI score0.00498EPSS
Exploits0References1
Rows per page
Query Builder