14 matches found
CVE-2026-40927
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...
CVE-2026-40927 Docmost: XSS in Comments with JavaScript URI
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...
CVE-2026-40927
CVE-2026-40927 — Docmost XSS in Comments : Docmost (open-source wiki) is affected prior to version 0.80.0. When leaving a page comment, a link can contain a JavaScript URI, and clicking it executes JS. The issue is fixed in 0.80.0. Impact and exploit specifics are documented as a cross-site scrip...
EUVD-2026-24487
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...
PT-2026-34179
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...
Docmost 跨站脚本漏洞
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.80.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the possibility of including JavaScript URIs as links when posting comments on pages...
OpenTelemetry 安全漏洞
OpenTelemetry is a vendor-neutral, open source observability framework open-sourced by OpenTelemetry. A security vulnerability exists in OpenTelemetry versions 0.80.0 through prior to 0.107.0, which stems from the possibility that a malicious client with network access to a collector could perfor...
GHSA-9C6G-QPGJ-RVXW Streamlit publishes previously-patched Cross-site Scripting vulnerability
Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...
PYSEC-2023-50
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
CVE-2023-27494
CVE-2023-27494 describes a reflected XSS in Streamlit open-source library for hosted apps, affecting versions 0.63.0–0.80.0. The vulnerability allowed an attacker to craft a malicious URL containing JavaScript payloads, which the server could render unescaped, enabling XSS. The issue was addresse...
CVE-2023-27494 Streamlit Cross-site Scripting vulnerability
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
PT-2023-21169 · Streamlit · Streamlit
Name of the Vulnerable Software and Affected Versions: Streamlit versions 0.63.0 through 0.80.0 Description: The issue is a cross-site scripting XSS vulnerability that affects users of hosted Streamlit apps. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app,...
Debian Security Advisory DSA 190-1 (wmaker)
The remote host is missing an update to wmaker announced via advisory DSA 190-1. OpenVAS Vulnerability Test $Id: deb1901.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 190-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
DSA-190 wmaker - buffer overflow
Bulletin has no description...