3 matches found
CVE-2026-33741 EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...
CVE-2026-33525
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In version 4.39.15, an attacker may potentially be able to inject javascript into the Authelia login page if several conditions are met...
Clario: Multiple Links Vulnerable to Reflected xss
Summary Multiple Links Vulnerable to Reflected xss in https://mackeeper.com/mk/de/ Steps to reproduce goto these links and xss will be triggered...