Tag
Grafana Multiple Vulnerabilities Leading to XSS and Information Disclosure
2 rules 1 TTPMultiple vulnerabilities in Grafana allow a remote, anonymous attacker to conduct a Cross-Site Scripting attack or disclose information.
Tegsoft Online Support Application Reflected XSS Vulnerability (CVE-2025-14320)
2 rules 1 TTP 1 CVECVE-2025-14320 is a reflected cross-site scripting (XSS) vulnerability in Tegsoft Online Support Application versions V3 through 31122025, allowing attackers to inject arbitrary web scripts into user browsers.
NEX-Forms WordPress Plugin Vulnerable to Stored Cross-Site Scripting (CVE-2026-5063)
2 rules 1 TTP 1 CVEThe NEX-Forms WordPress plugin is vulnerable to stored XSS via POST parameter key names, allowing unauthenticated attackers to inject arbitrary web scripts.
Gravity Forms Plugin Stored XSS Vulnerability (CVE-2026-5113)
2 rules 2 TTPs 1 CVEThe Gravity Forms plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via Consent field hidden inputs, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the entries list page.
Jupyter Notebook Authentication Token Theft via CommandLinker XSS
2 rulesA stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook versions 7.0.0 through 7.5.5 and JupyterLab versions up to 4.5.6 allows attackers to steal authentication tokens by tricking users into interacting with malicious notebook files, leading to complete account takeover via the Jupyter REST API.
Netgate pfSense XSS Vulnerability
2 rulesA cross-site scripting (XSS) vulnerability affects Netgate pfSense CE (<= 2.8.1) and pfSense Plus (<= 26.03), potentially allowing attackers to inject malicious code.
n8n MCP OAuth Client XSS Vulnerability
2 rules 1 TTPn8n is vulnerable to cross-site scripting (XSS) via a malicious MCP OAuth client, allowing an unauthenticated attacker to inject arbitrary JavaScript into an authenticated user's session.
Multiple Vulnerabilities in Atlassian Products
2 rules 4 TTPs 1 CVEMultiple vulnerabilities in Atlassian Bamboo, Bitbucket, Confluence, and Jira allow attackers to execute arbitrary code, bypass security measures, manipulate data, disclose information, or perform cross-site scripting attacks.
Apache ActiveMQ Vulnerabilities Allow RCE and XSS
2 rules 1 TTP 5 CVEsAn authenticated remote attacker can exploit multiple vulnerabilities in Apache ActiveMQ to execute arbitrary program code or perform cross-site scripting attacks.
Cisco Integrated Management Controller (IMC) Multiple XSS Vulnerabilities
2 rules 1 TTP 5 CVEsMultiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct an XSS attack against a user of the interface.
Multiple Vulnerabilities in n8n Workflow Automation Tool
3 rules 5 TTPs 1 CVEMultiple vulnerabilities in n8n can be exploited by an attacker to execute arbitrary code, bypass security measures, disclose sensitive information, conduct SQL injection attacks, cause denial-of-service, perform cross-site scripting, redirect users, or hijack sessions.
Multiple Vulnerabilities in Fortinet FortiSandbox
3 rules 3 TTPsMultiple vulnerabilities in Fortinet FortiSandbox allow attackers to perform cross-site scripting attacks, disclose information, bypass security measures, and execute arbitrary code, potentially leading to system compromise.
Multiple Vulnerabilities in Roundcube
2 rules 3 TTPsMultiple vulnerabilities in Roundcube allow an attacker to manipulate files, bypass security measures, perform cross-site scripting attacks, and disclose information.
Langflow Multiple Vulnerabilities
2 rules 2 TTPsMultiple vulnerabilities in Langflow allow an attacker to manipulate files, disclose sensitive information, or conduct cross-site scripting attacks.
Multiple Vulnerabilities in Gitea
1 rule 1 TTPMultiple vulnerabilities in Gitea could allow an attacker to disclose information, bypass security measures, and perform cross-site scripting attacks.
DNN (DotNetNuke) SVG Upload Vulnerability (CVE-2026-40321)
2 rules 3 TTPs 1 CVEDNN (formerly DotNetNuke) before 10.2.2 is vulnerable to stored cross-site scripting (XSS) via malicious SVG file uploads, potentially leading to account takeover and arbitrary code execution.
WeGIA Stored Cross-Site Scripting Vulnerability (CVE-2026-40286)
2 rules 1 TTP 1 CVEA stored Cross-Site Scripting (XSS) vulnerability exists in WeGIA versions prior to 3.6.10, allowing attackers to inject malicious scripts into the 'Member Name' field during member registration, leading to persistent execution upon user access.
Multiple Vulnerabilities in Cisco Unity Connection
2 rules 1 TTPMultiple vulnerabilities in Cisco Unity Connection can be exploited by an attacker to conduct cross-site scripting attacks, redirect users to malicious websites, manipulate data, and disclose confidential information.
Autodesk Fusion Stored XSS Vulnerability (CVE-2026-4344)
2 rules 3 TTPs 1 CVE 3 IOCsCVE-2026-4344 is a stored cross-site scripting (XSS) vulnerability in the Autodesk Fusion desktop application where a malicious HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can lead to arbitrary code execution.
Multiple Vulnerabilities in Red Hat Ansible Automation Platform
2 rules 6 TTPsA remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Ansible Automation Platform to perform denial of service, execute arbitrary code, bypass security measures, manipulate data, disclose information, or conduct XSS attacks.
Keycloak Cross-Site Scripting Vulnerability
2 rules 1 TTPAn authenticated remote attacker can exploit a vulnerability in Keycloak to perform a Cross-Site Scripting attack, potentially leading to unauthorized access and data compromise.
Adobe Connect XSS Vulnerability Leading to Privilege Escalation
2 rules 1 TTP 1 CVEAdobe Connect versions 2025.3, 12.10, and earlier are susceptible to a Cross-Site Scripting (XSS) vulnerability (CVE-2026-34617) that can lead to privilege escalation if a user interacts with a malicious URL or compromised web page.
Adobe Connect Reflected XSS Vulnerability (CVE-2026-27245)
2 rules 1 TTP 1 CVE 3 IOCsAdobe Connect versions 2025.3, 12.10, and earlier are vulnerable to a reflected Cross-Site Scripting (XSS) attack, enabling attackers to execute malicious JavaScript in a victim's browser by enticing them to visit a crafted URL.
DotNetNuke.Core Stored XSS via SVG Upload
2 rules 2 TTPsDotNetNuke.Core is vulnerable to stored cross-site scripting (XSS) where a user can upload a specially crafted SVG file containing malicious scripts, potentially targeting both authenticated and unauthenticated DNN users, with successful exploitation requiring user interaction and leading to high impact on confidentiality, integrity, and availability.
Zootemplate Cerato Theme Reflected XSS Vulnerability (CVE-2025-58920)
2 rules 1 TTP 1 CVE 1 IOCA reflected cross-site scripting (XSS) vulnerability exists in the Zootemplate Cerato WordPress theme (versions n/a through 2.2.18) due to improper neutralization of user-supplied input, potentially allowing attackers to execute arbitrary JavaScript in a user's browser.
Multiple Vulnerabilities in Zammad
2 rules 3 TTPsMultiple vulnerabilities in Zammad allow a remote attacker to execute arbitrary code, bypass security measures, disclose sensitive information, and perform cross-site scripting attacks.
Immich Stored XSS Vulnerability in 360° Panorama Viewer (CVE-2026-35455)
2 rules 2 TTPs 1 CVEA stored cross-site scripting (XSS) vulnerability in Immich versions before 2.7.0 allows authenticated users to inject arbitrary JavaScript via crafted equirectangular images, leading to session hijacking, data exfiltration, and unauthorized access.
CoolerControl-UI Stored XSS Vulnerability (CVE-2026-5301)
2 rules 2 TTPs 1 CVEUnauthenticated attackers can perform a stored XSS attack against CoolerControl/coolercontrol-ui versions less than 4.0.0 by injecting malicious JavaScript into log entries, leading to potential service takeover.
ChurchCRM Stored XSS Vulnerability in Person Property Management
2 rules 1 TTP 2 CVEsA stored cross-site scripting (XSS) vulnerability in ChurchCRM versions prior to 7.0.0 allows authenticated users to inject arbitrary JavaScript code via dynamically assigned person properties, leading to potential session hijacking or account compromise when other users view the affected profile.
GLPI Cross-Site Scripting Vulnerability (CVE-2026-25932)
2 rules 1 TTP 1 CVECVE-2026-25932 is a cross-site scripting vulnerability in GLPI versions 0.60 to before 10.0.24, where an authenticated technician user can store a malicious XSS payload within supplier fields, potentially leading to arbitrary code execution in the context of other users' browsers.
WordPress Widgets for Social Photo Feed Plugin Stored XSS Vulnerability
2 rules 1 TTP 1 CVEThe Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'feed_data' parameter, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute when a user accesses the injected page.
Electron VideoFrame Context Isolation Bypass Vulnerability (CVE-2026-34780)
2 rules 2 TTPs 1 CVEA context isolation bypass vulnerability exists in Electron applications that bridge VideoFrame objects via contextBridge, potentially allowing an attacker with JavaScript execution in the main world to access the isolated world and Node.js APIs.
Budibase Stored Cross-Site Scripting Vulnerability (CVE-2026-35218)
2 rules 1 TTP 1 CVEA stored cross-site scripting (XSS) vulnerability in Budibase versions prior to 3.32.5 allows authenticated users with Builder access to inject malicious HTML payloads into entity names, leading to potential session cookie theft and account takeover when other Builder users open the Command Palette.
ManageEngine Exchange Reporter Plus Stored XSS Vulnerability
2 rules 2 TTPs 1 CVEZohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in the Distribution Lists report, allowing attackers to inject malicious scripts.
CI4MS Stored XSS Vulnerability in User Management
2 rules 2 TTPs 1 CVEA stored cross-site scripting (XSS) vulnerability in CI4MS versions prior to 0.31.0.0 allows attackers to inject persistent JavaScript code into the backend user management functionality, leading to session hijacking, privilege escalation, and full administrative account compromise.
File Browser EPUB Preview Stored XSS Vulnerability (CVE-2026-34529)
2 rulesFile Browser versions prior to 2.62.2 are vulnerable to stored cross-site scripting (XSS) via the EPUB preview function, allowing attackers to execute arbitrary JavaScript in a user's browser by embedding malicious code in a crafted EPUB file.
Payload CMS Stored XSS Vulnerability (CVE-2026-34748)
2 rules 1 TTP 1 CVEA stored Cross-Site Scripting (XSS) vulnerability exists in Payload CMS versions prior to 3.78.0, allowing authenticated users with write access to inject malicious scripts that execute in the browsers of other users.
SonicWall Email Security Appliance Multiple Vulnerabilities
2 rules 2 TTPsA remote, authenticated attacker with administrator rights can exploit multiple vulnerabilities in SonicWall Email Security Appliance to perform cross-site scripting, manipulate data, or cause a denial-of-service.
IBM App Connect Enterprise Multiple Vulnerabilities
2 rules 2 TTPsA remote, anonymous attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to cause a denial-of-service condition or bypass security measures, enabling cross-site scripting attacks.
SiYuan Note Reflected XSS Vulnerability in SVG Processing
2 rules 1 TTPSiYuan Note versions prior to the fix for commit f09953afc57a are vulnerable to reflected cross-site scripting (XSS) via a namespace prefix bypass in the SanitizeSVG function when handling dynamic icons, allowing unauthenticated attackers to execute arbitrary JavaScript in a victim's browser.
File Browser Stored XSS via Crafted EPUB File
2 rules 5 TTPs 1 CVE 2 IOCsFile Browser version 2.62.1 and earlier is vulnerable to stored cross-site scripting (XSS) via crafted EPUB files, allowing attackers to execute arbitrary JavaScript in a victim's browser by exploiting the application's misconfigured iframe sandbox and stealing sensitive information like JWT tokens.
Query Monitor WordPress Plugin Vulnerable to Reflected XSS (CVE-2026-4267)
2 rules 1 TTP 1 CVEThe Query Monitor WordPress plugin is vulnerable to reflected cross-site scripting (XSS) due to insufficient input sanitization and output escaping of the '$_SERVER['REQUEST_URI']' parameter, allowing unauthenticated attackers to inject arbitrary web scripts.
DELMIA Factory Resource Manager Stored XSS Vulnerability (CVE-2025-10553)
2 rules 1 TTP 1 CVEA stored cross-site scripting (XSS) vulnerability in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x (CVE-2025-10553) allows attackers to execute arbitrary script code within a user's browser session.
ENOVIA Collaborative Industry Innovator Stored XSS Vulnerability (CVE-2025-10551)
2 rules 1 TTP 1 CVE 1 IOCA stored cross-site scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows an attacker to execute arbitrary script code in a user's browser session by injecting malicious code into document management functions.
baserCMS DOM-Based Cross-Site Scripting Vulnerability (CVE-2026-32734)
2 rules 1 TTP 1 CVEbaserCMS versions prior to 5.2.3 are vulnerable to DOM-based Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation, potentially allowing a remote attacker to execute arbitrary JavaScript in a user's browser.
OpenBao Multiple Vulnerabilities Allow Security Bypass and XSS
2 rules 4 TTPsAn anonymous, remote attacker can exploit multiple vulnerabilities in OpenBao to bypass security measures or conduct cross-site scripting attacks.
Kestra Orchestration Platform XSS Vulnerability (CVE-2026-33664)
2 rules 1 TTPKestra versions up to 1.3.3 are vulnerable to a cross-site scripting (XSS) vulnerability (CVE-2026-33664) allowing arbitrary JavaScript execution by viewing crafted flow metadata.
Ory Polis DOM-based XSS Vulnerability (CVE-2026-33506)
2 rules 1 TTPOry Polis versions prior to 26.2.0 are vulnerable to DOM-based XSS due to improper handling of the `callbackUrl` parameter, allowing attackers to execute arbitrary JavaScript in a user's browser.
Fluent Booking WordPress Plugin Stored XSS Vulnerability
2 rules 1 TTPThe Fluent Booking plugin for WordPress is vulnerable to stored cross-site scripting (XSS) allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page, affecting versions up to and including 2.0.01.
Blackhole for Bad Bots WordPress Plugin Stored XSS Vulnerability
2 rules 1 TTPThe Blackhole for Bad Bots WordPress plugin through version 3.8 is vulnerable to stored cross-site scripting (XSS) via the User-Agent HTTP header, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the plugin's admin page.
Multiple Vulnerabilities in cPanel/WHM
2 rules 2 TTPsAn anonymous remote attacker can exploit multiple vulnerabilities in cPanel/WHM to bypass security measures, perform XSS and SSRF attacks, disclose information, and potentially execute code.
Znuny Cross-Site Scripting Vulnerability
2 rules 1 TTPAn anonymous remote attacker can exploit a vulnerability in Znuny to perform a cross-site scripting attack, potentially leading to information disclosure or session hijacking.
Connect-CMS Cabinet Plugin DOM-based XSS Vulnerability
2 rules 1 TTPA DOM-based Cross-Site Scripting (XSS) vulnerability exists in the Cabinet Plugin list view of Connect-CMS, affecting versions 1.35.0 to 1.41.0 and 2.35.0 to 2.41.0, which can lead to arbitrary script execution in the victim's browser.
Operation GhostMail: Russian APT Exploiting Zimbra XSS to Target Ukraine Government
2 rules 1 TTPA Russian APT group is exploiting a Zimbra XSS vulnerability (details unspecified) to target the Ukrainian government in an operation dubbed 'GhostMail'.
Critical XSS Vulnerabilities in AFFiNE
2 rules 1 TTP 2 IOCsTwo critical XSS vulnerabilities, Reflected XSS in the /image-proxy endpoint and Stored XSS in bookmark cards, were discovered in AFFiNE, a self-hosted alternative to Notion, with the vendor being unresponsive.
Angular Cross-Site Scripting (XSS) Vulnerability
2 rules 5 TTPsA cross-site scripting (XSS) vulnerability exists in Angular versions prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, allowing attackers to execute arbitrary code within the context of the vulnerable application, potentially leading to session hijacking, data exfiltration, and unauthorized actions.
Roundcube Vulnerabilities Leading to Cross-Site Scripting and Information Disclosure
2 rules 1 TTP 3 CVEsMultiple vulnerabilities in Roundcube allow an attacker to perform a cross-site scripting attack and disclose confidential information.
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
2 rules 1 TTP 1 CVEA cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) could allow attackers to execute arbitrary JavaScript within a user's session, potentially leading to unauthorized access to sensitive information.
Icinga Web Reflected XSS Vulnerability via Malformed Search Requests
2 rules 1 TTPA reflected cross-site scripting (XSS) vulnerability exists in Icinga Web versions 0.13.0 and earlier, allowing attackers to inject malicious JavaScript into a victim's browser through malformed search requests, potentially leading to arbitrary code execution within the Icinga Web context.
Xerte Online Toolkits Path Traversal Vulnerability
2 rules 2 TTPs 1 CVEXerte Online Toolkits 3.15 and earlier are vulnerable to relative path traversal, allowing attackers to move files and potentially achieve remote code execution.
Gravity Forms Plugin Unauthenticated Stored XSS Vulnerability
2 rules 1 TTP 1 CVEThe Gravity Forms plugin for WordPress is vulnerable to unauthenticated stored cross-site scripting (XSS) in versions up to 2.10.0, allowing attackers to inject arbitrary JavaScript code into the product name field within repeater fields, which executes when an administrator views the affected entry.
Gravity Forms Plugin Unauthenticated Stored XSS Vulnerability
2 rules 1 CVEThe Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS) in versions up to and including 2.10.0, allowing unauthenticated attackers to inject arbitrary web scripts via form submissions that execute when an administrator views the entry detail page.
MyBB Recent Threads 17.0 Persistent Cross-Site Scripting Vulnerability (CVE-2018-25309)
2 rules 1 TTP 1 CVEMyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability (CVE-2018-25309) that allows attackers to inject malicious scripts by creating threads with crafted subject lines, leading to arbitrary JavaScript execution in the browsers of users viewing the index page.
locize Client SDK Cross-Origin DOM XSS and Handler Hijack Vulnerability
2 rules 1 TTPThe locize client SDK versions prior to 4.0.21 are vulnerable to cross-origin DOM XSS and handler hijack due to missing origin validation in the InContext Editor, allowing attackers to inject malicious code and exfiltrate data via crafted postMessage events.
Budibase XSS Leads to Account Takeover via JWT Theft
2 rules 1 TTPThe `budibase:auth` cookie in Budibase is set without the `httpOnly` flag, enabling attackers with XSS to steal JWTs and gain persistent access to user accounts.
Brizy WordPress Plugin Unauthenticated Stored XSS Vulnerability
2 rules 1 TTP 1 CVEThe Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS) in versions up to and including 2.8.11, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form Leads page due to missing nonce verification and improper handling of file upload fields.