Lucene search
K

47 matches found

NVD
NVD
added 2026/07/03 8:16 a.m.11 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS0.00305EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/03 6:50 a.m.38 views

CVE-2026-9148 Comments <= 7.6.56 - Unauthenticated Stored Cross-Site Scripting via 'Website' Field

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS0.00305EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:50 a.m.6 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/03 6:50 a.m.7 views

EUVD-2026-41514

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References11
CVE
CVE
added 2026/07/03 6:50 a.m.18 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55508

Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.57 Description Stored Cross-Site Scripting occurs when the plugin fails to properly escape output in the getCommentAuthor function. This happens because the comment author url value, provided in the guest comment...

7.2CVSS6AI score0.00305EPSS
Exploits0References16
Snyk
Snyk
added 2026/04/06 4:10 p.m.3 views

Improper Encoding or Escaping of Output

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Website field in the supplier component. An attacker can execu...

8.6CVSS6.1AI score0.0028EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/06 2:31 p.m.3 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...

7.2CVSS5.9AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 2:31 p.m.33 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...

7.2CVSS0.0028EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.7 views

PT-2026-29030

A Stored Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject...

6.1CVSS6AI score0.00174EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 9:52 p.m.24 views

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

4.3CVSS0.00302EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/24 4:3 p.m.12 views

Isso affected by Stored XSS via comment website field

Impact This is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...

6.1CVSS5.8AI score0.00216EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/24 4:3 p.m.17 views

GHSA-9FWW-8CPR-Q66R Isso affected by Stored XSS via comment website field

Impact This is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...

6.1CVSS5.9AI score0.00216EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/23 1:31 p.m.8 views

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

6.1CVSS5.5AI score0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/21 7:24 a.m.5 views

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

6.1CVSS5.7AI score0.00216EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/21 7:24 a.m.4 views

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

6.1CVSS5.5AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/21 7:24 a.m.25 views

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

6.1CVSS0.00216EPSS
Exploits0References3
OSV
OSV
added 2026/02/21 7:24 a.m.7 views

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

6.1CVSS5.8AI score0.00216EPSS
Exploits0References5
CVE
CVE
added 2026/02/21 7:24 a.m.28 views

CVE-2026-27469

Isso is a lightweight Python/JavaScript commenting server affected by a stored XSS in commits prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144. The vulnerability affects the website field and author comments because quotes were not properly escaped; the frontend inserts the website value into a ...

6.1CVSS5.7AI score0.00216EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.8 views

Isso 安全漏洞

Isso is a comment server open-source project developed by Isso Comments. Isso has a security vulnerability, which stems from insufficient cleaning and escaping of fields related to website and author comments. This vulnerability may lead to storage-side cross-site scripting attacks...

6.1CVSS5.6AI score0.00216EPSS
Exploits0References3
Rows per page
Query Builder