74 matches found
CVE-2026-1721
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
GHSA-W5CR-2QHR-JQC5 Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
Cross-site Scripting (XSS)
Overview agents is an A home for your AI agents Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is directly interpolated into an HTML script tag without proper escaping. An attacker can execute arbitrary JavaScript in th...
Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
GHSA-CVHV-6XM6-C3V4 Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
CVE-2026-1721
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
Cross-site Scripting (XSS)
Overview agents is an A home for your AI agents Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter in the OAuth callback handler, which is directly interpolated into an HTML script tag without proper escaping. An attacker can...
CVE-2026-1721 Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
CVE-2026-1721 Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
CVE-2026-1721
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
PT-2026-7962
Name of the Vulnerable Software and Affected Versions AI Playground versions prior to 0.3.10 Description A Reflected Cross-Site Scripting XSS issue exists in the AI Playground's OAuth callback handler. The error description query parameter is directly interpolated into an HTML script tag without...
Cloudflare Agents 安全漏洞
Cloudflare Agents is an open-source tool developed by Cloudflare for building and deploying AI agents on Cloudflare platforms. There is a security vulnerability in Cloudflare Agents, which stems from the improper escaping of the errordescription query parameter in the OAuth callback handler of th...
Phishing Attack
Keycloak is vulnerable to a phishing attack. The vulnerability is due to unsanitized user-controlled input in the errordescription query parameter being rendered directly in trusted error pages, which allows an attacker to craft misleading URLs that display fake messages, links, or contact detail...
Cloudflare Public Bug Bounty: AI Playground XSS to steal user-chat messages and access to connected MCP Server
A reflected XSS vulnerability was discovered in the AI Playground OAuth handler due to unescaped interpolation of the errordescription parameter into a script tag. The issue has been patched, and users of the open-source Agents SDK should upgrade to v0.3.10...
CVE-2025-12021
The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
EUVD-2025-60951
The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2025-12021
The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2025-12021 WP-OAuth <= 0.4.1 - Reflected Cross-Site Scripting
The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2025-12021
CVE-2025-12021 affects the WordPress WP-OAuth plugin, with Reflected Cross-Site Scripting via the error_description parameter in all versions up to and including 0.4.1 due to insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject scripts in pages tha...
PT-2025-46272
Name of the Vulnerable Software and Affected Versions WP-OAuth plugin for WordPress versions up to and including 0.4.1 Description The WP-OAuth plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the...