
40 matches found

Snyk
added 2026/04/06 4:10 p.m.

Improper Encoding or Escaping of Output

Overview: glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Website field in the supplier component. An attacker can execu...

CVSS 8.6 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 2
Cvelist
added 2026/04/06 2:31 p.m.

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in supplier fields. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | EPSS 0.00013
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/06 2:31 p.m.

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in supplier fields. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/30 12:00 a.m.

PT-2026-29030

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00051
Exploits: 1 | References: 2
Cvelist
added 2026/03/19 9:52 p.m.

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

CVSS 4.3 | EPSS 0.0002
Exploits: 0 | References: 1
Github Security Blog
added 2026/02/24 4:03 p.m.

Isso affected by Stored XSS via comment website field

Impact: This is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...

CVSS 6.1 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/02/24 4:03 p.m.

GHSA-9FWW-8CPR-Q66R Isso affected by Stored XSS via comment website field

Impact: This is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...

CVSS 6.1 | AI score 5.9 | EPSS 0.00108
Exploits: 0 | References: 5
RedhatCVE
added 2026/02/23 1:31 p.m.

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS 6.1 | AI score 5.5 | EPSS 0.00108
Exploits: 0 | References: 1
CVE
added 2026/02/21 7:24 a.m.

CVE-2026-27469

Isso is a lightweight Python/JavaScript commenting server affected by a stored XSS in commits prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144. The vulnerability affects the website field and author comments because quotes were not properly escaped; the frontend inserts the website value into a ...

CVSS 6.1 | AI score 5.7 | EPSS 0.00108
Exploits: 0 | References: 3
OSV
added 2026/02/21 7:24 a.m.

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS 6.1 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/21 7:24 a.m.

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS 6.1 | AI score 5.7 | EPSS 0.00108
Exploits: 0 | References: 4
Cvelist
added 2026/02/21 7:24 a.m.

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS 6.1 | EPSS 0.00108
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/21 7:24 a.m.

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS 6.1 | AI score 5.5 | EPSS 0.00108
Exploits: 0 | References: 3
CNNVD
added 2026/02/21 12:00 a.m.

Isso security vulnerability

Isso is an open-source comment server project developed by Isso Comments. Isso has a security vulnerability that stems from insufficient sanitization and escaping of the website and author comment fields. This vulnerability may lead to stored cross-site scripting attacks...

CVSS 6.1 | AI score 5.6 | EPSS 0.00108
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/21 12:00 a.m.

PT-2026-21366

Name of the Vulnerable Software and Affected Versions: Isso versions prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144. Description: Isso, a lightweight commenting server written in Python and JavaScript, contains a stored Cross-Site Scripting (XSS) issue. The website and author comment fields are...

CVSS 6.1 | AI score 5.6 | EPSS 0.00108
Exploits: 0 | References: 12
NVD
added 2025/12/29 3:16 p.m.

CVE-2025-68928

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...

CVSS 5.4 | EPSS 0.00024
Exploits: 0 | References: 3
OSV
added 2025/12/29 3:06 p.m.

CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...

CVSS 5.4 | AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 5
CVE
added 2025/12/29 3:06 p.m.

CVE-2025-68928

Frappe CRM suffers an authenticated XSS in the website field due to unsanitized crafted URLs prior to v1.56.2. Impact is described as cross-site scripting; upgrading to v1.56.2 fixes the issue. No workarounds are documented. Exploitation status is not provided in the available sources.

CVSS 5.4 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2025/12/29 3:06 p.m.

EUVD-2025-205603

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3
Cvelist
added 2025/12/29 3:06 p.m.

CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...

CVSS 5.4 | EPSS 0.00024
Exploits: 0 | References: 3
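Two distinct "website field" failure modes recur across these entries: the Isso advisories describe a value escaped with html.escape(..., quote=False) and then placed inside a single-quoted href attribute, so a single quote in the value ends the attribute; the GLPI and Frappe CRM entries describe crafted URLs stored in a website field, where the problem is the URL itself (a non-http scheme such as javascript:) rather than attribute breakout. The following is an added Python example, not code from Isso, Frappe CRM, GLPI or any advisory, that reproduces both failure modes on constructed input and shows the two independent fixes: escaping with quotes and allowlisting the URL scheme. All function and constant names, the link template, and the sample values are assumptions made for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample values for a comment/profile "website" field (not taken
# from any advisory). The first breaks out of a single-quoted attribute, the
# next two are script-scheme URLs, the last is an ordinary URL.
BREAKOUT_VALUE = "https://example.invalid/' onmouseover='alert(1)"
SCRIPT_URL = "javascript:alert(1)"
SCRIPT_URL_OBFUSCATED = " Java\tScript:alert(1)"
BENIGN_URL = "https://example.invalid/path?q=1&x=2"

ALLOWED_SCHEMES = {"http", "https"}


def render_link_quote_false(website: str) -> str:
    """The failure mode the Isso entries describe: html.escape(..., quote=False)
    converts only & < >, so ' and " survive, and the value is then placed in
    a single-quoted href attribute (assumed template)."""
    escaped = html.escape(website, quote=False)
    return f"<a href='{escaped}'>website</a>"


def render_link_quote_true(website: str) -> str:
    """Same template with quote=True (html.escape's default): ' becomes
    &#x27; and " becomes &quot;, so the value cannot end the attribute."""
    escaped = html.escape(website, quote=True)
    return f"<a href='{escaped}'>website</a>"


def website_url_is_allowed(value: str) -> bool:
    """Scheme allowlist for a website field. Attribute escaping alone does not
    stop a stored javascript: URL, because that string is a perfectly valid
    attribute value; the scheme has to be checked before a link is rendered.
    Browsers ignore leading/trailing whitespace and embedded tab/CR/LF when
    parsing a URL, so those are removed before the scheme is inspected."""
    cleaned = "".join(ch for ch in value.strip() if ch not in "\t\r\n")
    parts = urlsplit(cleaned)  # urlsplit lower-cases the scheme
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)


def render_website_field(website: str) -> str:
    """Hardened rendering: allowlist the scheme, then escape with quotes.
    Disallowed values are shown as escaped text with no link at all."""
    if not website_url_is_allowed(website):
        return f"<span>{html.escape(website)}</span>"
    return render_link_quote_true(website)


class _FirstAnchor(HTMLParser):
    """Collects the attributes of the first <a> tag, the way a browser's
    parser would see them, so the two renderings can be compared."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}
        self._seen = False

    def handle_starttag(self, tag, attrs):
        if tag == "a" and not self._seen:
            self._seen = True
            self.attrs = dict(attrs)


def anchor_attributes(markup: str) -> dict:
    """Parse markup and return the first <a> tag's attributes; entity
    references inside attribute values are decoded, as a browser does."""
    parser = _FirstAnchor()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    # quote=False: the parser sees a second attribute, onmouseover.
    print(anchor_attributes(render_link_quote_false(BREAKOUT_VALUE)))
    # quote=True: the whole value stays inside href.
    print(anchor_attributes(render_link_quote_true(BREAKOUT_VALUE)))
    for candidate in (BENIGN_URL, SCRIPT_URL, SCRIPT_URL_OBFUSCATED):
        print(repr(candidate), website_url_is_allowed(candidate))
```

The two checks are independent: the quote fix alone still renders a stored javascript: URL as a clickable link, and the scheme allowlist alone still lets a quote break out of the attribute, which is why render_website_field applies both.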