22 matches found

RedhatCVE
added 2026/01/10 5:40 a.m., 3 views

CVE-2026-22256

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder which includes a render of the current path, which is inserted into the HTML without proper sanitization; this leads to reflected XSS using the fact that the request path is decoded...

CVSS 8.8, AI score 6.2, EPSS 0.00013
Exploits: 1, References: 1
NVD
added 2026/01/08 7:16 p.m., 2 views

CVE-2026-22256

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder which includes a render of the current path, which is inserted into the HTML without proper sanitization; this leads to reflected XSS using the fact that the request path is decoded...

CVSS 8.8, EPSS 0.00013
Exploits: 1, References: 2
Cvelist
added 2026/01/08 6:22 p.m., 23 views

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8, EPSS 0.00013
Exploits: 1, References: 2
OSV
added 2026/01/08 6:22 p.m., 3 views

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8, AI score 6.2, EPSS 0.00013
Exploits: 1, References: 4
Vulnrichment
added 2026/01/08 6:22 p.m., 3 views

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the file or folder names; this may potentially lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...

CVSS 8.8, AI score 6, EPSS 0.00013
Exploits: 1, References: 2
CVE
added 2026/01/08 6:22 p.m., 9 views

CVE-2026-22257

CVE-2026-22257 (Salvo): The Rust web framework Salvo is vulnerable prior to 0.88.1 due to the list_html function in the serve-static directory not sanitizing file/folder names when generating a folder view. This can enable stored cross-site scripting (XSS) when a site serves public files and use...

CVSS 8.8, AI score 6, EPSS 0.00013
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/01/08 6:21 p.m., 3 views

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder which includes a render of the current path, which is inserted into the HTML without proper sanitization; this leads to reflected XSS using the fact that the request path is decoded...

CVSS 8.8, AI score 5.8, EPSS 0.00013
Exploits: 1, References: 2
Cvelist
added 2026/01/08 6:21 p.m., 21 views

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder which includes a render of the current path, which is inserted into the HTML without proper sanitization; this leads to reflected XSS using the fact that the request path is decoded...

CVSS 8.8, EPSS 0.00013
Exploits: 1, References: 2
CVE
added 2026/01/08 6:21 p.m., 13 views

CVE-2026-22256

CVE-2026-22256 (Salvo): A reflected XSS vulnerability exists in Salvo before version 0.88.1, arising from the list_html function in the directory listing view. The code inserts the rendered current.path into an HTML title (and page content) without proper sanitization, while the request path is ...

CVSS 8.8, AI score 5.8, EPSS 0.00013
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/01/08 6:21 p.m., 5 views

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder which includes a render of the current path, which is inserted into the HTML without proper sanitization; this leads to reflected XSS using the fact that the request path is decoded...

CVSS 8.8, AI score 6.2, EPSS 0.00013
Exploits: 1, References: 4
CNNVD
added 2026/01/08 12:0 a.m., 1 views

salvo cross-site scripting vulnerability

salvo is an open-source web framework from Salvo. A cross-site scripting vulnerability exists in versions prior to salvo 0.88.1; the vulnerability stems from the listhtml function not properly cleaning up the path, which could lead to reflected cross-site scripting attacks...

CVSS 8.8, AI score 5.8, EPSS 0.00013
Exploits: 1, References: 3
Positive Technologies
added 2026/01/08 12:0 a.m., 3 views

PT-2026-2187

Name of the Vulnerable Software and Affected Versions: Salvo versions prior to 0.88.1. Description: Salvo is a Rust web backend framework. The list html function generates a file view of a folder without sanitizing file or folder names. This can lead to Cross-Site Scripting (XSS) if a website allows...

CVSS 8.8, AI score 5.9, EPSS 0.00013
Exploits: 1, References: 9
CNNVD
added 2026/01/08 12:0 a.m., 3 views

salvo cross-site scripting vulnerability

salvo is an open-source web framework from Salvo. A cross-site scripting vulnerability exists in versions prior to salvo 0.88.1, which stems from the listhtml function not cleaning up the names of files and folders, which could lead to cross-site scripting attacks...

CVSS 8.8, AI score 5.7, EPSS 0.00013
Exploits: 1, References: 3
Positive Technologies
added 2026/01/08 12:0 a.m., 4 views

PT-2026-2186

Name of the Vulnerable Software and Affected Versions: Salvo versions prior to 0.88.1. Description: Salvo is a Rust web backend framework. Prior to version 0.88.1, the list html function generates a file view of a folder, including a render of the current path. This path is inserted into the HTML...

CVSS 8.8, AI score 5.8, EPSS 0.00013
Exploits: 1, References: 8
NVD
added 2023/03/05 10:15 p.m., 12 views

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

CVSS 7.8, AI score 7.8, EPSS 0.00094
Exploits: 0, References: 1
CNNVD
added 2023/03/05 12:0 a.m., 4 views

Debian debian-goodies injection vulnerability

Debian GNU/Linux is a Linux operating system from the Debian community in the United States. The system has faster and easier memory management, open source software support, good system security, and high stability. A security vulnerability exists in debian-goodies version 0.88.1, which...

CVSS 7.8, AI score 7.7, EPSS 0.00094
Exploits: 0, References: 3
Positive Technologies
added 2023/03/05 12:0 a.m., 3 views

PT-2023-1670

Name of the Vulnerable Software and Affected Versions: debian-goodies version 0.88.1. Description: The issue is related to the debmany function in the debian-goodies package, which allows attackers to execute arbitrary shell commands due to an eval call. This can be achieved via a crafted .deb file...

CVSS 7.8, AI score 7.4, EPSS 0.00094
Exploits: 0, References: 16
BDU FSTEC
added 2015/04/28 12:0 a.m., 3 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the dia-0.88.1 package of the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

CVSS 7.6, AI score 5.4, EPSS 0.03979
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2006/04/08 12:0 a.m., 21 views

Mandrake Linux Security Advisory : clamav (MDKSA-2006:067)

Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614). Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615). David Luyer found that ClamAV...

CVSS 10, AI score 8.7, EPSS 0.36756
Exploits: 1, References: 3
OSV
added 2006/04/06 10:4 p.m., 1 views

DEBIAN-CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized...

CVSS 10, AI score 7.7, EPSS 0.36756
Exploits: 0, References: 1