38 matches found

Github Security Blog
added 2026/04/29 6:33 a.m., 2 views

CyberChef has a Cross-site Scripting issue

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 6, Affected Software 1

OSV
added 2026/04/29 6:33 a.m., 0 views

GHSA-H4HV-92PP-PCJG CyberChef has a Cross-site Scripting issue

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 6

Snyk
added 2026/04/29 5:23 a.m., 3 views

Cross-site Scripting (XSS)

Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ShowBase64Offsets.mjs. An attacker can execute arbitrary JavaScript code in the context of...

7.2 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 2

NVD
added 2026/04/29 4:16 a.m., 0 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2 CVSS, 0.00014 EPSS
Exploits 0, References 4

Cvelist
added 2026/04/29 2:55 a.m., 25 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2 CVSS, 0.00014 EPSS
Exploits 0, References 4

ATTACKERKB
added 2026/04/29 2:55 a.m., 1 view

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2 CVSS, 5 AI score, 0.00014 EPSS
Exploits 0, References 5

Vulnrichment
added 2026/04/29 2:55 a.m., 0 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2 CVSS, 5 AI score, 0.00014 EPSS
Exploits 0, References 4

EUVD
added 2026/04/29 2:55 a.m., 0 views

EUVD-2026-26191

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2 CVSS, 5.1 AI score, 0.00014 EPSS
Exploits 0, References 4

CVE
added 2026/04/29 2:55 a.m., 3 views

CVE-2026-42615

CyberChef up to version 11.0.0 is affected by an XSS in the Show Base64 offsets path, allowing script injection via the URL/fragment (e.g., /#recipe=Show_Base64_offsets...). Root cause: improper handling of Base64 offset input in the recipe viewer. Impact: potential script execution in the victim...

7.2 CVSS, 5.1 AI score, 0.00014 EPSS
Exploits 0, References 4

CNNVD
added 2026/04/29 12:0 a.m., 4 views

CyberChef cross-site scripting vulnerability

CyberChef is an open-source network application developed by GCHQ, featuring functions such as encryption, encoding, compression, and data analysis. Versions of CyberChef prior to 11.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Show Base64 Offsets...

7.2 CVSS, 5.6 AI score, 0.00014 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/04/29 12:0 a.m., 2 views

PT-2026-35866

Name of the Vulnerable Software and Affected Versions GCHQ CyberChef versions prior to 11.0.0 Description Cross-Site Scripting XSS is possible via the Show Base64 offsets feature. This occurs through the endpoint '/recipe=Show Base64 offsets', where an attacker can inject malicious scripts...

7.2 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 9

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-0636

Malware in sbrugna...

6.1 CVSS, 6.1 AI score, 0.00458 EPSS
Exploits 1, References 8

RedhatCVE
added 2025/05/22 8:34 a.m., 3 views

CVE-2019-15532

CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs...

6.1 CVSS, 6 AI score, 0.00458 EPSS
Exploits 1, References 1

Github Security Blog
added 2024/11/18 8:1 p.m., 119 views

XXE in PHPSpreadsheet's XLSX reader

Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...

7.5 CVSS, 7.5 AI score, 0.00173 EPSS
Exploits 1, References 5, Affected Software 2

OSV
added 2024/11/18 8:1 p.m., 9 views

GHSA-7CC9-J4MV-VCJP XXE in PHPSpreadsheet's XLSX reader

Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...

7.5 CVSS, 7.5 AI score, 0.00173 EPSS
Exploits 1, References 5

Talos Blog
added 2024/07/10 12:0 p.m., 11 views

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Cisco Talos has spotted several malicious email campaigns over the past few months that disguise JavaScript code within HTML email attachments, a technique commonly known as "HTML Smuggling." Cisco Talos has noticed that some industry verticals were targeted more than others by email threats usin...

6.8 AI score
Exploits 0

Kitploit
added 2024/06/18 12:30 p.m., 51 views

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...

7 AI score
Exploits 0, References 17

Kitploit
added 2023/07/06 12:30 p.m., 19 views

SOC-Multitool - A Powerful And User-Friendly Browser Extension That Streamlines Investigations For Security Professionals

Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based browsers such as Microsoft Edge, Chrome, Brave, and Opera. Now available on Chrome Web Store!...

7.8 AI score
Exploits 0, References 2

Kitploit
added 2022/03/18 8:30 p.m., 18 views

S1EM - This Project Is A SIEM With SIRP And Threat Intel, All In One

Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable. S1EM ...

7.4 AI score
Exploits 0, References 34

Hacker One
added 2020/12/31 8:20 a.m., 363 views

h1-ctf: h1-ctf : 12 days of hack holiday writeup

Summary This was a real fun CTF and I really enjoyed solving the challenges. Great job on creating the challenges. This is my writeup for the "12 Days of Hacky Holidays CTF". I hope you enjoy reading it, and I hope others reading it will pick up a trick or two. Flags: This is all the flags found...

7.1 AI score
Exploits 0