14 matches found
CVE-2026-47694
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...
EUVD-2026-33304
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...
CVE-2026-47694 WWBN AVideo: Stored XSS via unescaped Gallery category description
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...
PT-2026-44848
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes wh...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from storing user-input category descriptions as raw HTML during Gallery view rendering. This allows...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the process that renders the Gallery or Kanban view when a malicious URL is stored in the mAsset field and used as a cover image. An attacker can execute arbitrary operating system commands under the victim's...
CVE-2026-34448
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...
@censujiang/nativescript-local-notifications (=6.4.0), @nativescript-community/audio (=6.4.14) +4 more potentially affected by unknown CVE via @nativescript-community/perms (>=3.0.11 <=3.0.3)
@nativescript-community/perms NPM version =3.0.11, =3.1.20, =7.0.0, =1.0.4, =0.0.1, =0.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-NATIVESCRIPTCOMMUNITYPERMS-12704723...
Stored Cross-Site Scripting
Description A stored cross-site scripting vulnerability exists within the Gallery View comments functionality. Replication Steps and PoC Preconditions PC1. A project exists. PC2. A table with a sheet containing data exists in the project. PC3. A gallery view exists. PC4. A user with the editor ro...
italiatakeaway.it XSS vulnerability
Open Bug Bounty ID: OBB-537453

| Description | Value |
|---|---|
| Affected Website: | italiatakeaway.it |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Nextcloud: Stored XSS on Share-popup of a directory's Gallery-view
Hi, Nice with the program launch! Congrats! I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under "Nextcloud Files": F99938 If your directory has a malicious name such as a HTML-payload: , this HTML will run when clicking on the Share-icon: F99937 I see that...
CRUCMS Crucial Networking - SQL Injection Vulnerability
Document Title: =============== CRUCMS Crucial Networking - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1497 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ==================================== 14...
Design/Logic Flaw
The 1 login, 2 admin profile edit, 3 reminder, 4 edit profile, 5 profile view, 6 gallery view, 7 gallery comment, and 8 gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...