XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
An issue was discovered in the Linux kernel before 5.16.12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.