36 matches found
ERPNext 跨站脚本漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a cross-site scripting vulnerability. This vulnerability arises from users with project record editing privileges being able to persist arbitrary...
Grafana 安全漏洞
Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing systems such as Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that stems from users...
MaxKB 代码问题漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in sandbox network protection, which could be bypassed, allowing...
WordPress plugin OpenStreetMap 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Discourse 安全漏洞
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a user with tag editing privileges being able to edit and create synonyms...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.3, 11.0.3, 11.2.2, and 10.10.11.0 of Mattermost Plugins contain security vulnerabilities. These...
PT-2026-22332
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2026-22867
LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...
CVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...
CVE-2026-22867
LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...
PT-2026-3073
Name of the Vulnerable Software and Affected Versions LaSuite Doc versions 3.8.0 through 4.3.0 Description LaSuite Doc is a collaborative note taking, wiki and documentation platform. A Stored Cross-Site Scripting XSS issue exists in the Interlinking feature. When a user creates a link to another...
CVE-2025-71164 Typesetter CMS Reflected XSS via Editing.php
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...
EUVD-2026-2437
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...
PT-2026-2944
Name of the Vulnerable Software and Affected Versions Typesetter CMS versions up to and including 5.1 Description Typesetter CMS versions up to and including 5.1 have a reflected cross-site scripting XSS issue in the Editing component. The images parameter, submitted as images in a POST request, ...
EUVD-2002-0798
Malware in sbrugna...
EUVD-2022-1669
Malicious code in bioql PyPI...
CVE-2025-53368
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert...
CVE-2025-53368
Citizen is a MediaWiki skin. CVE-2025-53368 affects Citizen versions 1.9.4 up to, but not including, 3.4.0, where page descriptions are inserted into raw HTML without sanitization when using the legacy search bar. This enables stored XSS by any user with page editing privileges targeting other us...
PT-2025-27830 · Mediawiki · Mediawiki Citizen Skin
Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where page descriptions are inserted into raw HTML without proper sanitization when using the old search bar. This allows any user with...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that originates from allowing any user with editing privileges to execute arbitrary remote code by adding relevant instances to their user...