Lucene search
+L

16333 matches found

nuclei
nuclei
added yesterday1019 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.5AI score0.03747EPSS
Exploits0References5
nuclei
nuclei
added yesterday43 views

Agentejo Cockpit 0.10.2 - Cross-Site Scripting

Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...

6.1CVSS6.5AI score0.03003EPSS
Exploits1References5
nuclei
nuclei
added yesterday84 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

6.1CVSS6.4AI score0.1052EPSS
Exploits0References5
circl
circl
added 2 days ago5 views

CVE-2026-52870

creationtimestamp| type| source ---|---|--- 2026-07-15 21:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpmifoxio25...

7.6CVSS6.1AI score0.00227EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago31 views

CVE-2026-9007 Reflected XSS in HCL Notes

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects...

5.5CVSS0.00258EPSS
Exploits0References1
nvd
nvd
added 2 days ago9 views

CVE-2026-59838

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions,...

5.9CVSS0.00142EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-59838

CVE-2026-59838 is an XSS-type vulnerability described as improper neutralization of script-related HTML tags in Fortinet FortiSIEM. Affected versions span FortiSIEM 7.4.0; 7.3.0–7.3.4; 7.2.0–7.2.6; 7.1.x; 7.0.x; and all 6.x versions (6.4–6.7). The issue could allow an attacker to execute unauthor...

5.9CVSS6.2AI score0.00142EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2 days ago5 views

CVE-2026-49458

A flaw was found in DOMPurify, a tool designed to prevent cross-site scripting XSS attacks by sanitizing HTML, MathML, and SVG content. When processing certain types of web page elements, DOMPurify failed to properly identify and sanitize malicious code. This oversight could allow an attacker to...

6.1CVSS6.1AI score0.00288EPSS
Exploits0References6
nvd
nvd
added 3 days ago6 views

CVE-2026-48287

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...

7.4CVSS0.00139EPSS
Exploits0References1
attackerkb
attackerkb
added 3 days ago4 views

CVE-2026-48290

CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...

8.2CVSS6.4AI score0.00177EPSS
Exploits0References2
nvd
nvd
added 3 days ago4 views

CVE-2026-15768

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00208EPSS
Exploits0References2
nvd
nvd
added 3 days ago3 views

CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00221EPSS
Exploits0References2
cve
cve
added 3 days ago10 views

CVE-2026-15774

CVE-2026-15774 is a Use-after-free in Skia affecting Google Chrome prior to 150.0.7871.125. The issue could allow a remote attacker (with renderer access) to escape the Chrome sandbox via a crafted HTML page. Public references show a Chrome security update (Stable Channel) and list this CVE among...

8.3CVSS6.1AI score0.00221EPSS
Exploits0References2Affected Software1
cve
cve
added 3 days ago11 views

CVE-2026-58647

CVE-2026-58647 affects Microsoft Power BI Power BI Report Server. The issue is an improper neutralization of input during web page generation, enabling cross-site scripting. Attackers must be authorized, require user interaction, and can exploit over the network to perform spoofing with high impa...

8CVSS6.1AI score0.00538EPSS
Exploits0References1Affected Software1
cve
cve
added 3 days ago43 views

CVE-2026-55008

CVE-2026-55008 affects Microsoft Exchange Server and is caused by improper neutralization of input during web page generation, enabling cross-site scripting. The NVD entry lists a high-severity CVSS 3.1 base score of 9.6 (NETWORK, LOW attack complexity, NONE privileges, user interaction required,...

9.6CVSS6.1AI score0.00725EPSS
Exploits0References1
mscve
mscve
added 3 days ago10 views

Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS6.1AI score0.00422EPSS
Exploits0
mscve
mscve
added 3 days ago12 views

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS6.1AI score0.00283EPSS
Exploits0
mscve
mscve
added 3 days ago9 views

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

8.7CVSS6.1AI score0.0065EPSS
Exploits0
mscve
mscve
added 3 days ago4 views

Microsoft PowerBI Report Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...

8CVSS6.1AI score0.00538EPSS
Exploits0
ptsecurity
ptsecurity
added 3 days ago8 views

PT-2026-58504

Name of the Vulnerable Software and Affected Versions Active Directory Federation Services affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...

4.8CVSS6AI score0.0038EPSS
Exploits0References5
Rows per page
Query Builder