28 matches found
CVE-2026-42045
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...
LobeHub Cross-Site Scripting Vulnerability
LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering during the processing of custom tags, which could lead to cross-site scripting attacks and t...
Command Injection
Overview: @lobehub/lobehub is LobeHub, an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...
CVE-2021-47843
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...
CVE-2021-47843 Tagstoo 2.0.1 - Stored XSS to RCE
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...
CVE-2021-47843 Tagstoo 2.0.1 - Stored XSS to RCE
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...
EUVD-2026-2751
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...
CVE-2021-47843
The CVE-2021-47843 entry concerns Tagstoo 2.0.1, which is affected by a stored cross-site scripting (XSS) vulnerability in files or custom tags. The issue enables attackers to inject malicious payloads and execute arbitrary JavaScript code, potentially spawning system processes, accessing files, ...
Tagstoo Cross-Site Scripting Vulnerability
Tagstoo is a tag-based file manager developed by Pablo Andueza. Version 2.0.1 of Tagstoo contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of file or custom tag inputs, which may lead to stored cross-site scripting attacks...
CVE-2023-43874
Multiple cross-site scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
HackerOne: IDOR Vulnerability at AddTagToAssets operation name
The IDOR vulnerability was discovered in the AddTagToAssets operation name of a GraphQL endpoint. The vulnerability allowed an attacker to obtain the IDs of custom tags created by a victim by decoding the base64-encoded tagId parameter in the request. This revealed the format and pattern of the t...
CVE-2023-43874
Multiple cross-site scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
CVE-2023-43874
Multiple cross-site scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
CVE-2023-43874
Multiple cross-site scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
PT-2023-29019 · E017 Cms · E017 Cms
Name of the Vulnerable Software and Affected Versions: e017 CMS version 2.3.2. Description: A cross-site scripting (XSS) issue allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. This enables the attacker to perfor...
[SECURITY] Fedora 36 Update: php-twig3-3.4.3-1.fc36
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 35 Update: php-twig3-3.4.3-1.fc35
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 35 Update: php-twig2-2.14.11-1.fc35
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
Sensio Labs Twig Injection Vulnerability
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...