Lucene search
+L

5 matches found

cve
cve
added 2026/07/01 9:2 p.m.14 views

CVE-2026-54720

Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 8:35 a.m.8 views

CVE-2024-32472

excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...

6.1CVSS5.8AI score0.00561EPSS
Exploits0References1
github
github
added 2024/11/21 10:21 p.m.93 views

Flowise OverrideConfig security vulnerability

Impact Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a major security vulnerability...

7.7AI score
Exploits0References2Affected Software1
osv
osv
added 2024/04/17 9:32 p.m.24 views

GHSA-M64Q-4JQH-F72F Stored Cross-site Scripting (XSS) in excalidraw's web embed component

Summary A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. Poc Inserting an embed with the below url can be copy/pasted onto canvas to insert as embed will log 42 to the console:...

6.1CVSS6.1AI score0.00561EPSS
Exploits0References5
cvelist
cvelist
added 2024/04/17 9:23 p.m.44 views

CVE-2024-32472 excalidraw vulnerable to a Stored XSS in excalidraw's web embed component

excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...

6.1CVSS6.3AI score0.00561EPSS
Exploits0References3
Rows per page
Query Builder