docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...

PT-2026-39606

A reflected cross-site scripted XSS vulnerability in the dfm-menu departments.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

PT-2026-39605

A reflected cross-site scripted XSS vulnerability in the dfm-menu maintenance.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2026-3007

Successful exploitation of the stored cross-site scripting XSS vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature...

EUVD-2026-28512

Electerm runWidget has a path traversal that leads to arbitrary code execution...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering process in cron.erb. An attacker can execute arbitrary JavaScript in the context of the user's browser by supplying a crafted URL. Details Cross-site scripting or XSS is a code vulnerability th...

CVE-2026-41139

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0...

CVE-2026-41139 Unsafe array index getter in mathjs

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0...

CVE-2026-41139

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0...

CVE-2026-41139

CVE-2026-41139 affects mathjs: Unsafe array index getter in the expression parser allows arbitrary JavaScript execution. The issue was present from version 13.1.0 up to before 15.2.0 and has been patched in 15.2.0. Impact is high (CVSSv3.0: 8.8, network attack vector, user interaction: none, priv...

BentoPDF 跨站脚本漏洞

BentoPDF is a privacy-oriented client PDF processing tool developed by Alam. Versions of BentoPDF prior to 2.8.3 contained a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing attackers to execute arbitrary JavaScript within the Markdown to PDF tool...

PT-2026-38340

Name of the Vulnerable Software and Affected Versions Math.js versions 13.1.0 through 15.1.x Description Arbitrary JavaScript can be executed through the expression parser of the library. Recommendations Update to version 15.2.0...

GHSA-8RQ5-WWPP-FMJ2 YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers

Description: Stored Cross-Site Scripting XSS occurs when user-supplied input is persisted by the application and later rendered in another user's browser without proper sanitization or contextual output encoding. When the vulnerable sink is a high-traffic surface such as a public forum thread, th...

CVE-2026-40897

A flaw was found in mathjs, an extensive math library for JavaScript and Node.js. This vulnerability allows a remote attacker to execute arbitrary JavaScript code by evaluating malicious expressions through the mathjs expression parser. This can lead to a complete compromise of the affected...

CVE-2026-42366

GeoVision LPC2011/LPC2211 Web Interface (ssi.cgi) contains reflected XSS vulnerabilities in version 1.10. A crafted URL can trigger arbitrary JavaScript execution in the context of the user’s browser. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N with a base score of 7.4 (HIGH). Expl...

EUVD-2026-26857

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

PT-2026-36734

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

Astra Linux - уязвимость в webkit2gtk

A validation issue has been addressed through improved input sanitization. This issue is fixed in iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, and macOS Monterey 12.2. Processing a maliciously crafted email message may result in the execution of arbitrary JavaScript code...

Astra Linux - уязвимость в firefox, thunderbird

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution within the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

PT-2026-36527

Name of the Vulnerable Software and Affected Versions GSVoIP web panel version 2.0.90 Description A Cross-Site Scripting XSS issue exists where the /painel/gateways.php/error endpoint fails to properly sanitize user-supplied input in the msg parameter. This allows a remote attacker to inject...