Lucene search
K

174978 matches found

Nuclei
Nuclei
added 11 hours ago71 views

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.02285EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago31 views

JustRows WordPress - Cross-Site Scripting

JustRows free WordPress plugin v0.2 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7AI score0.00556EPSS
Exploits1References1
Nuclei
Nuclei
added 11 hours ago41 views

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

8.8CVSS7AI score0.01856EPSS
Exploits1References3
Cvelist
Cvelist
added yesterday14 views

CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-55877

Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the uxicon Twig function is marked issafe='html' and Icon::toHtml inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-55877 Symfony UX: XSS in symfony/ux-icons via unsanitized SVG content in local files and Iconify on-demand responses

Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the uxicon Twig function is marked issafe='html' and Icon::toHtml inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested...

6.1CVSS0.00194EPSS
Exploits0References4
NVD
NVD
added 4 days ago13 views

CVE-2026-48949

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS0.00147EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago7 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-48950

CVE-2026-48950 affects Joomla! Core via the file management view in com_templates. The root cause is lack of escaping, enabling an XSS vulnerability. Multiple sources (NVD, CVE lists, and Joomla security advisory) confirm an XSS in the core component with the vulnerable entry labeled for core/com...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
CVE
CVE
added 4 days ago13 views

CVE-2026-48953

CVE-2026-48953 affects Joomla! Core. The issue is an XSS in the generic image output layout caused by a lack of escaping in the rendering path. Affected software is Joomla! Core (security entry notes this under 2026-07-07). The root cause is input/output escaping not being applied when generating...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 4 days ago8 views

CVE-2026-48953 Joomla! Core - [20260707] - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-48949 Joomla! Core - [20260703] - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS0.00147EPSS
Exploits0References1
NVD
NVD
added 4 days ago11 views

CVE-2026-7380

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS0.00149EPSS
Exploits0References1
OSV
OSV
added 5 days ago4 views

BIT-TOMCAT-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0...

6.1CVSS5.9AI score0.00423EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-57755 WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 9:21 a.m.8 views

WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions = 1.2...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.7 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/01 9:2 p.m.36 views

CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS0.00263EPSS
Exploits0References2
Rows per page
Query Builder