67 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-7186
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing...
CVE-2026-7186
Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...
CVE-2026-7186
Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...
CVE-2026-7186 Fix stored XSS in URL dashboard widget via dangerous URI schemes
Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...
CVE-2026-7186 Fix stored XSS in URL dashboard widget via dangerous URI schemes
Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...
EUVD-2026-35061
Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...
CVE-2026-7186
CVE-2026-7186 describes a stored cross-site scripting flaw in the Dashboard URL widget of Checkmk for versions <2.5.0p5, <2.4.0p31,
Checkmk 跨站脚本漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions contain a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability within the URL...
CVE-2026-10864
The vulnerability CVE-2026-10864 affects MISP dashboard widgets (New Users and New Organisations). The issue stems from how field filtering and redaction are applied to the user-selected field list, which could leave the field set empty and cause the underlying query to fall back to returning uni...
MAL-2026-2681 Malicious code in @athena-ui-components/dashboard-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @athena-ui-components/dashboard-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-27178
MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...
CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox
MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...
CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...
Cross-site Scripting (XSS)
Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the value.name field in the dashboard widget. An attacker can execute arbitrary JavaScript in the context of an admin user's browser by injecting malicious scripts into...
PT-2026-6293
Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description A stored DOM Cross-Site Scripting XSS issue exists within the "Recent Orders" dashboard widget. The Order Status Name is rendered using...
CVE-2024-58319
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...
CVE-2024-58319 Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...
CVE-2024-58319 Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...
CVE-2024-58319
A concrete XSS vulnerability affects Kentico Xperience, specifically a reflected cross-site scripting flaw in the Pages dashboard widget configuration dialog. The issue is triggered via the Pages widget settings, enabling an attacker to inject and execute malicious scripts in an administrator’s b...