54 matches found
CVE-2026-27474
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these element...
CVE-2026-27474
CVE-2026-27474 affects SPIP prior to 4.4.9, where the private area is vulnerable to Cross-Site Scripting due to incomplete application of the echappe_anti_xss() filter to input, form, button, and anchor tags. The issue compounds an incomplete fix from SPIP 4.4.8 and is not mitigated by the securi...
CVE-2026-27474 SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix)
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these element...
SPIP Security Vulnerability
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability. This vulnerability stemmed from the echappe_anti_xss() function not being applied systematically to HTML tags such as input fields, forms, buttons, and...
PT-2026-20847
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP versions before 4.4.9 contain a Cross-Site Scripting (XSS) issue in the private area. The echappe_anti_xss() function was not consistently applied to input, form, button, and anchor HTML tags, enabling...
anti-xss
//: AUTO-GENERATED BY "PHP README Helper": base file - doc...
EUVD-2018-7547
Malware in sbrugna...
EUVD-2006-4468
Malware in sbrugna...
anti-xss
This is a PHP library called AntiXSS, which is designed to prevent cross-site scripting (XSS) attacks. The library provides a set of functions to sanitize user input and protect against XSS vulnerabilities. The library is maintained by Lars Moelleken and is available on Packagist, a popular PHP...
fr.kicknrollsports.com Cross Site Scripting vulnerability OBB-2544118
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2015-9276
SmarterMail (SmarterTools) before version 13.3.5535 is affected by a stored XSS vulnerability where attacker-controlled HTML/JS in an email bypasses anti-XSS protections. When a victim opens or replies to the attacker’s email, JS executes; passwords could be reset on the password-reset page that ...
[SECURITY] Fedora 28 Update: mozilla-noscript-10.1.9.6-1.fc28
The NoScript Firefox extension provides extra protection for Firefox. It allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted web sites of your choice (e.g. your online bank) and additionally provides Anti-XSS protection...
[SECURITY] Fedora 27 Update: mozilla-noscript-10.1.9.6-1.fc27
The NoScript Firefox extension provides extra protection for Firefox. It allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted web sites of your choice (e.g. your online bank) and additionally provides Anti-XSS protection...
WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. Reflected XSS in FV Flowplayer Wordpress plugin. Author: Janek Vind "waraxe". Date: 20. September 2018. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-107.html Target...
CVE-2018-15676
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crkprotection.php anti-XSS mechanism that looks for a number of dangerous fingerprints...
Design/Logic Flaw
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crkprotection.php anti-XSS mechanism that looks for a number of dangerous fingerprints...
Rockstar Games: Stored XSS via Send crew invite
In this report, the researcher was able to demonstrate a vulnerability in our Crew Invite mechanism that could have allowed an attacker to carry out a Stored XSS attack. By modifying a request in-flight and injecting unexpected characters in the Invitation message body, it was possible to escape...
Rockstar Games: XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker)
In this report, the researcher discovered a Stored XSS vulnerability in the Add Friend functionality. It worked by filling the optional Message field with an XSS payload that utilized an SVG object tag and some character escaping. When the recipient of the malicious friend request clicked or tapped the...