Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-33170 Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@h... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54363 Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show,... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-39315 Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in <head> safel... | 6.1 | MEDIUM | β | 0 |
| CVE-2017-20239 MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft U... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54364 Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter end... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-32289 Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS t... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21331 Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerab... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-39956 jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() witho... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-22217 OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0540 DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five m... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-61643 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-61642 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files include... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-61641 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-3528 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Calculation Fields allows Cross-Site Scripting (XSS).This issue affects Calculation Fields:... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-35667 OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately witho... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30571 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30570 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize the... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30569 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" param... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-3529 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS).This issue affects Google Analytics ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-5896 Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HT... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-70797 Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-4887 A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafte... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-5899 Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-34852 Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | 6.1 | MEDIUM | β | 0 |
| CVE-2025-41027 Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' paramet... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30557 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The app... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-63238 A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreat... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54358 WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. At... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-3217 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO -... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30567 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize t... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20059 A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. Th... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27740 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw out... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-39840 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This iss... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30560 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The app... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-35608 QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-65132 alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20104 A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Swit... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-40302 zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which performs no HTML escaping) instead of html/t... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27646 OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30566 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" parameter. The... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21904 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter fiel... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33933 OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54360 Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft mali... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-40842 Ericsson Indoor Connect 8855 versions prior to 2025.Q3Β contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain informat... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54361 Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33758 OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with `callback_mode=dir... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-30558 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The app... | 6.1 | MEDIUM | β | 0 |
| CVE-2016-20027 ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanit... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-40255 AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions pri... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52204 A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.