Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by inj
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in philspectrum Icon Widget icon-widget-with-links allows DOM-Based XSS.This issue affects Icon Widge
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.12.
dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and outp
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrato
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component.
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.
Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed.
A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundan Yevale Smooth Dynamic Slider smooth-dynamic-slider allows Reflected XSS.This issue affects
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access
Page 1+ Next →