4 matches found
CVE-2026-44429
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...
CVE-2026-44429 MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...
CVE-2026-44429 vulnerabilities
Vulnerabilities for packages: goreleaser...
CVE-2026-44429
creationtimestamp| type| source ---|---|--- 2026-05-04 14:34:31+00:00| published-proof-of-concept| https://github.com/modelcontextprotocol/registry/security/advisories/GHSA-rqv2-m695-f8j4...