22 matches found
CVE-2026-53963
Discourse (open‑source discussion platform) has a stored XSS in the delete confirmation dialog for a malicious second factor name on an attacker‑controlled account. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, this name was not escaped, enabling XSS when an administrator impersonates that...
CVE-2026-53963
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...
CVE-2026-11942
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...
CVE-2026-11942
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...
EUVD-2026-38260
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...
CVE-2026-11942
CVE-2026-11942 affects Akaunting 3.1.21. The vulnerability is an authenticated stored cross-site scripting flaw in the reusable delete confirmation flow: a user with permission to create or modify records (e.g., Items) can store HTML/JavaScript in a record name, which could be reflected to other ...
CVE-2026-11942 Akaunting 3.1.21 - Stored XSS in delete confirmation modal
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...
CVE-2026-4344
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...
CVE-2026-4344
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...
CVE-2026-4344
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...
CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4369
The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tag Delete Confirmation. An attacker can execute arbitrary JavaScript in the application's context by injecting malicious HTML into the tag name, which is then...
CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...
CVE-2026-0533
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...
CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...
CVE-2026-0533
Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.
CVE-2026-0533
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...
PT-2026-4201
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...