58794 matches found
MailEnable SelectedIndex Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable SelectedIndex parameter. The vulnerability stems from improper cleanup of the SelectedIndex parameter of the ManageShares.aspx form in the Webmail interface, which can be exploited b...
CVE-2026-29934
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
PT-2026-28508
Name of the Vulnerable Software and Affected Versions Kestra versions up to and including 1.3.3 Description Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields – description, inputs.displayName,...
PT-2026-28283
Name of the Vulnerable Software and Affected Versions GDTaller affected versions not specified Description Reflected Cross Site Scripting XSS issues exist in GDTaller. These issues allow an attacker to execute JavaScript code in a victim's browser by sending a malicious URL containing crafted...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...
kestra 跨站脚本漏洞
Kestra is an open-source workflow automation platform developed by Kestra. Versions of Kestra 1.3.3 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup during the rendering of YAML metadata fields provided by users, which could lead to...
PT-2026-28195
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post title in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
MailEnable StartDate Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable StartDate parameter, which stems from improper cleanup of the StartDate parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...
ALSA-2026:5932 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...
FreeBSD : Mozilla -- Multiple vulnerabilities (32819a60-2943-11f1-8461-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 32819a60-2943-11f1-8461-b42e991fc52e advisory. CVE-2026-4721: Memory safety bugs. Potential arbitrary code execution. CVE-2026-4709: Incorrec...
ALSA-2026:5931 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...
RHEL 9 : firefox (RHSA-2026:5930)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5930 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
CVE-2026-29969
A cross-site scripting XSS vulnerability in the wffcolspref.css.aspx endpoint of staffwiki v7.0.1.19219 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted HTTP request...
Authelia 跨站脚本漏洞
Authelia is a single-signpoint login multi-factor portal developed by Authelia OpenSource. Version 4.39.15 of Authelia contains a cross-site scripting vulnerability. This vulnerability arises from the lack of neutralization of the language cookie value during the rendering of HTML templates, whic...
ALSA-2026:5930 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...
CVE-2026-33932
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...
CVE-2026-33932
OpenEMR prior to v8.0.0.3 has a stored XSS in the CCDA document preview. The XSL sanitization does not neutralize linkHtml attributes, allowing href="javascript:..." and event handlers to pass through, enabling arbitrary JavaScript in a clinician’s browser when previewing a CCDA document. Version...
CVE-2026-33932 OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...
CVE-2026-33932 OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...