Page 6 of 8526 results (0.017 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

21 May 2025 — The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. • source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

21 May 2025 — Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. • https://medium.com/@a77777mad/xss-vulnerability-discovered-in-jetplanner-pro-a-popular-flight-planning-solution-2dd48a7f6e72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

19 May 2025 — A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Stored%20XSS-About%20Us.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

19 May 2025 — Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. ... Múltiples complementos para WordPress son vulnerables a Cross-Site Scripting almacenado a través de la librería JavaScript SimpleLightbox (versión 2.1.5) incluida en el complemento en varias versiones, debido a una depuración de entra... • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

16 May 2025 — IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. • https://www.ibm.com/support/pages/node/7233695 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

15 May 2025 — The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. • https://wpscan.com/vulnerability/a7de0cf6-3064-4595-9037-f8407fe40724 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

14 May 2025 — Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. • https://github.com/Combodo/iTop/security/advisories/GHSA-6p48-74j9-977j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0

14 May 2025 — Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advance Authentication. ... Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. ... Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advance Authentication. • https://www.netiq.com/documentation/advanced-authentication-65/advanced-authentication-releasenotes-6.5/data/advanced-authentication-releasenotes-6.5.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

14 May 2025 — Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. ... Antes de la versión 2.1.0, los usuarios con permisos para modificar el servicio (por ejemplo, el rol kuiperUser) podían inyectar un payload de cross-site scripting en el parámetro `Name` (`confKey`) de la clave de configuración de conexión. • https://github.com/lf-edge/ekuiper/security/advisories/GHSA-9cwv-pxcr-hfjc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0

14 May 2025 — Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php. • https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •