20 matches found
CVE-2026-47694
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...
CVE-2026-47694
WWBN AVideo (affecting 29.0 and earlier) is vulnerable to a stored XSS via category_description in the Gallery view. The vulnerability arises because category descriptions submitted by users are rendered as raw HTML, allowing JavaScript execution when any user views the affected Gallery/category ...
CVE-2026-47694 WWBN AVideo: Stored XSS via unescaped Gallery category description
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...
Discourse Cross-Site Scripting Vulnerability
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the API not cleaning up the description string when updating...
BIT-DISCOURSE-2026-32273 Discourse: XSS on category description update via API
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issue has been patched in versions 2026.1.3, 2026.2.2,...
CVE-2026-31354
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
CVE-2026-32273
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...
CVE-2026-32273
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...
CVE-2026-32273
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...
CVE-2026-32273
Discourse (open-source discussion platform) contains an XSS vulnerability when updating a category description via the API. Affected versions are 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0. Patches are available in 2026.1.3, 2026...
CVE-2026-32273 Discourse: XSS on category description update via API
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...
CVE-2026-32273 Discourse: XSS on category description update via API
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...
CVE-2026-32273 Discourse: XSS on category description update via API
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...
Stock Management System Cross-Site Scripting Vulnerability
Sourcecodester Stock Management System is an inventory management system. A cross-site scripting vulnerability exists in CodeAstro Stock Management System version 1.0, which originates from /index.php in the component Add Category Handler, which contains unknown processing that leads to cross-sit...
CVE-2017-6555
Cross-site scripting XSS vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1description parameter aka "Design Manager Categories Category Description"...
CVE-2017-6555
Cross-site scripting XSS vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1description parameter aka "Design Manager Categories Category Description"...
CVE-2010-3023
Multiple cross-site scripting XSS vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 categorydescription parameter to user/main/updatecategory, which is not properly handled by app/views/categories/index.html.erb; an...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 categorydescription parameter to user/main/updatecategory, which is not properly handled by app/views/categories/index.html.erb; an...
CVE-2010-3023
Multiple cross-site scripting XSS vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 categorydescription parameter to user/main/updatecategory, which is not properly handled by app/views/categories/index.html.erb; an...
SQL Server 2000
SQL Server Catergory Description...