15774 matches found

ATTACKERKB
added 2026/05/22 7:25 p.m.

CVE-2026-40596

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

CVSS 7.2 | AI score 5.9 | EPSS 0.00424
Exploits: 0 | References: 6 | Affected software: 1
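
As an added illustration of the font-family entry above (this is not MantisBT's code, and the entry does not say where MantisBT renders the value): assuming for the demonstration that the preference is interpolated into an inline style element, HTML entity-escaping is the wrong fix, because a browser does not decode character references inside a style element, so escaping corrupts legitimate quoted family names while a raw closing style tag still terminates the element. A strict allowlist on the value is what closes the hole, and it also blocks smuggling extra CSS declarations. The regex, the default font and every payload below are constructed for this example.

```python
"""Added example, not MantisBT's code. Assumes the font-family preference is
written into an inline <style> element; that rendering location is an assumption."""
import html
import re
from html.parser import HTMLParser

# Allowlist for a CSS font-family list: letters, digits, spaces, commas, hyphens
# and the quotes CSS needs around multi-word names. No < > / ; { } ( ) \ so
# neither a </style> breakout nor extra CSS declarations can be smuggled in.
# Pattern and default are assumptions for the demonstration.
FONT_FAMILY_RE = re.compile(r"^[A-Za-z0-9 ,'\"-]{1,100}$")
DEFAULT_FONT = "sans-serif"


def is_safe_font_family(value: str) -> bool:
    return FONT_FAMILY_RE.fullmatch(value) is not None


def render_style_raw(font_family: str) -> str:
    # Vulnerable: the user preference is written into the style sheet verbatim.
    return f"<style>body{{font-family:{font_family}}}</style>"


def render_style_escaped(font_family: str) -> str:
    # Wrong fix: entity-escaping keeps the markup intact, but inside <style> the
    # CSS parser receives the literal text &quot; and the quoted name breaks.
    return f"<style>body{{font-family:{html.escape(font_family, quote=True)}}}</style>"


def render_style_validated(font_family: str) -> str:
    # Correct fix for this context: validate against the allowlist, fall back to a default.
    if not is_safe_font_family(font_family):
        font_family = DEFAULT_FONT
    return render_style_raw(font_family)


class ScriptCounter(HTMLParser):
    """Counts <script> start tags: any hit means the payload escaped the <style> element."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def count_script_tags(markup: str) -> int:
    p = ScriptCounter()
    p.feed(markup)
    p.close()
    return p.scripts


# Constructed inputs.
BREAKOUT = "</style><script>alert(1)</script>"
CSS_SMUGGLE = "serif; background:url(//attacker.example/x)"
LEGIT = '"Fira Sans", Helvetica, sans-serif'

if __name__ == "__main__":
    print(count_script_tags(render_style_raw(BREAKOUT)))        # the raw render lets the script through
    print(count_script_tags(render_style_validated(BREAKOUT)))  # the validated render does not
    print(render_style_escaped(LEGIT))    # &quot;Fira Sans&quot; reaches the CSS parser unchanged
    print(render_style_validated(LEGIT))  # legitimate value passes untouched
```

The same allowlist approach applies wherever a value lands in a context that has no entity decoding (style elements, script blocks, CSS url() values): validate the value's shape, do not try to encode it.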
Tenable Nessus
added 2026/05/22 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2025-12669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

CVSS 5.4 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/21 12:00 a.m.

PT-2026-45157

Name of the vulnerable software and affected versions: Twig (affected versions not specified). Description: The Twig\Profiler\Dumper\HtmlDumper component fails to escape the output of Profile::getTemplate() and Profile::getName() when writing to HTML. If an attacker can control the template name, which may...

AI score 5.5 | EPSS 0.00037
Exploits: 0 | References: 12
Positive Technologies
added 2026/05/21 12:00 a.m.

PT-2026-42683

Name of the vulnerable software and affected versions: Umbraco CMS versions prior to 17.4.0. Description: Authenticated users can inject HTML into an input field. This content is then rendered in the confirmation dialog without proper output encoding, leading to Cross-Site Scripting (XSS) or HTML...

CVSS 4.6 | AI score 5.8 | EPSS 0.00136
Exploits: 0 | References: 5
NVD
added 2026/05/20 10:16 p.m.

CVE-2026-39960

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page (bug_update_page.php), allowing an attacker to inject HTML and, if CSP settings permit, execute...

CVSS 5.4 | EPSS 0.0023
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/20 9:11 p.m.

CVE-2026-39960

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page (bug_update_page.php), allowing an attacker to inject HTML and, if CSP settings permit, execute...

CVSS 5.4 | AI score 6 | EPSS 0.0023
Exploits: 0 | References: 3 | Affected software: 1
Cvelist
added 2026/05/20 6:51 p.m.

CVE-2026-26028 CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS

CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of <iframe>, <video>, and <audio> elements, leaving all other...

CVSS 6.1 | EPSS 0.00242
Exploits: 0 | References: 2
CVE
added 2026/05/20 6:51 p.m.

CVE-2026-26028

CryptPad suffers a sanitizer bypass in Diffmarked.js prior to 2026.2.0. The HTML sanitizer only enforces the src attribute on iframe, video, and audio tags while treating iframe as restricted rather than forbidden, allowing an attacker to inject arbitrary HTML via srcdoc and defeat bounce sandbox...

CVSS 6.1 | AI score 5.9 | EPSS 0.00242
Exploits: 0 | References: 2
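
As an added example for the two CryptPad entries above (this is not CryptPad's code and not its Diffmarked.js sanitizer): a small allowlist sanitizer built on Python's html.parser, run under two policies. The first reproduces the flawed shape described in the entries, where restricted tags are kept, only src is checked, and every other attribute passes through, so srcdoc and event handlers survive. The second allowlists attribute names per tag and leaves iframe out entirely, i.e. forbidden rather than restricted. The tag set, attribute sets and the permitted media host are assumptions, and the input markup is constructed.

```python
"""Added example, not CryptPad's code. Policies, hosts and sample input are assumptions."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID_TAGS = {"img"}
ALLOWED_MEDIA_HOSTS = {"media.example"}   # assumed host that src/href may point at

# Flawed policy (the shape of the bug described above): restricted tags are kept,
# only src is checked, every other attribute passes through. None = no allowlist.
SRC_ONLY_POLICY = {
    "p": None, "b": None, "i": None, "a": None,
    "img": None, "iframe": None, "video": None, "audio": None,
}

# Corrected policy: explicit attribute allowlist per tag. iframe is absent, so it
# is forbidden rather than restricted and srcdoc can never reach the page.
ALLOWLIST_POLICY = {
    "p": set(), "b": set(), "i": set(), "a": {"href", "title"},
    "img": {"src", "alt"}, "video": {"src", "controls"}, "audio": {"src", "controls"},
}


def url_ok(value: str) -> bool:
    """src/href must be an https URL on an allowed host; rejects javascript: and data: too."""
    u = urlparse(value)
    return u.scheme == "https" and u.hostname in ALLOWED_MEDIA_HOSTS


class Sanitizer(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy = policy
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.policy:
            return  # drop the tag itself; text inside it still comes out as escaped text
        allowed = self.policy[tag]
        kept = []
        for name, value in attrs:
            value = value or ""
            if name == "src":
                if url_ok(value):
                    kept.append((name, value))
                continue
            if allowed is None:          # flawed branch: srcdoc, onerror, ... pass through
                kept.append((name, value))
                continue
            if name not in allowed:      # fixed branch: unknown attribute names are dropped
                continue
            if name == "href" and not url_ok(value):
                continue
            kept.append((name, value))
        rendered = "".join(f' {n}="{html.escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag in self.policy and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def sanitize(markup: str, policy) -> str:
    s = Sanitizer(policy)
    s.feed(markup)
    s.close()
    return "".join(s.out)


# Constructed input: an allowed iframe src with a srcdoc payload, an allowed img
# src with an event handler, a javascript: src, and a bare script element.
SAMPLE = (
    "<p>hi <b>there</b></p>"
    '<iframe src="https://media.example/embed" srcdoc="<script>alert(1)</script>"></iframe>'
    '<img src="https://media.example/a.png" onerror="alert(1)">'
    '<img src="javascript:alert(1)" alt="x">'
    "<script>alert(2)</script>"
)

if __name__ == "__main__":
    # Flawed: srcdoc survives (entity-escaped on output, but a browser decodes the
    # attribute before building the framed document) and so does onerror.
    print(sanitize(SAMPLE, SRC_ONLY_POLICY))
    # Fixed: no iframe at all, no onerror, and the script element's body is inert text.
    print(sanitize(SAMPLE, ALLOWLIST_POLICY))
```

The design point is that a sanitizer must enumerate what it keeps, per tag, rather than enumerate what it checks; any attribute the policy has no opinion about must be dropped, and a tag whose safe attribute set cannot be pinned down (iframe with srcdoc) belongs in the forbidden set.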
AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in twisted

Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If the application code allows an attacker to control the redirect URL, this vulnerability may lead to Reflected Cross-Sit...

CVSS 6.1 | AI score 6.5 | EPSS 0.01109
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in golang-1.19

Templates that contain actions within unquoted HTML attributes (e.g., "attr={{.}}") and are executed with an empty input can result in unexpected outputs when parsed due to HTML normalization rules. This may allow for the injection of arbitrary attributes into tags...

CVSS 7.3 | AI score 6.9 | EPSS 0.01029
Exploits: 0 | References: 2
Tenable Nessus
added 2026/05/20 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-5090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML...

CVSS 6.1 | AI score 6 | EPSS 0.00282
Exploits: 0 | References: 3
CNNVD
added 2026/05/20 12:00 a.m.

CryptPad cross-site scripting vulnerability

CryptPad is an open-source collaboration suite developed by CryptPad. Versions of CryptPad prior to 2026.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the HTML cleaner's incomplete filtering of restricted tag attributes, allowing attackers to inject arbitrary...

CVSS 6.1 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 3
OSV
added 2026/05/19 10:16 p.m.

DEBIAN-CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

CVSS 6.1 | AI score 6 | EPSS 0.00282
Exploits: 0 | References: 1
UbuntuCve
added 2026/05/19 10:16 p.m.

CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

CVSS 6.1 | AI score 6 | EPSS 0.00282
Exploits: 0 | References: 6
Cvelist
added 2026/05/19 9:30 p.m.

CVE-2026-5090 Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

EPSS 0.00282
Exploits: 0 | References: 2
Debian CVE
added 2026/05/19 9:30 p.m.

CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

CVSS 6.1 | AI score 6 | EPSS 0.00282
Exploits: 0
Vulnrichment
added 2026/05/19 9:30 p.m.

CVE-2026-5090 Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

AI score 6 | EPSS 0.00282
Exploits: 0 | References: 2
CVE
added 2026/05/19 9:30 p.m.

CVE-2026-5090

The CVE concerns Template::Plugin::HTML for Perl, affecting versions up to and including 3.102. The root cause is that html_filter fails to escape single quotes, allowing HTML attributes delimited by single quotes to be injected with limited HTML/JavaScript. For example, in , a value like var = "...

CVSS 6.1 | AI score 6 | EPSS 0.00282
Exploits: 0 | References: 3
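
As an added example covering the Template::Plugin::HTML entries above and the Twisted redirectTo entry further up (this is code written for this page, not code from either project): three escapers are applied in two attribute contexts, a single-quoted attribute and the double-quoted content attribute of a meta-refresh redirect, and Python's html.parser stands in for a browser tokenizer to show whether the payload broke out of the attribute. An escaper that handles the double quote but skips the single quote is only safe while the template happens to use double quotes, which is the dependency html.escape(s, quote=True) removes. The payloads and template strings are constructed for the demonstration.

```python
"""Added example, not code from Template::Plugin::HTML or Twisted.
Templates, payloads and the meta-refresh markup are constructed here."""
import html
from html.parser import HTMLParser


def no_escape(s: str) -> str:
    # Baseline: the value is interpolated verbatim (the redirectTo situation described above).
    return s


def escape_without_single_quote(s: str) -> str:
    # Handles & < > and the double quote but forgets the single quote, the gap
    # the Template::Plugin::HTML entries describe.
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))


def escape_full(s: str) -> str:
    # quote=True also turns ' into &#x27;, so the output is safe in single- and
    # double-quoted attribute values alike.
    return html.escape(s, quote=True)


def render_single_quoted_attr(value: str, escaper) -> str:
    # Template that puts a user value into a single-quoted attribute.
    return f"<a title='{escaper(value)}'>link</a>"


def render_meta_redirect(url: str, escaper) -> str:
    # A meta-refresh redirect page; the URL lands in a double-quoted attribute.
    return f'<meta http-equiv="refresh" content="0;URL={escaper(url)}">'


class TagCollector(HTMLParser):
    """Records every start tag with its attributes, as a tokenizer would see them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def tokenize(markup: str):
    p = TagCollector()
    p.feed(markup)
    p.close()
    return p.tags


# Constructed payloads: one closes a single-quoted attribute, one closes a
# double-quoted attribute and the tag.
ATTR_PAYLOAD = "' onmouseover='alert(1)"
URL_PAYLOAD = '"><script>alert(1)</script>'


def attr_breakout(escaper) -> bool:
    """True if the payload ended the title attribute and added an event handler."""
    tags = tokenize(render_single_quoted_attr(ATTR_PAYLOAD, escaper))
    return any("onmouseover" in attrs for _, attrs in tags)


def redirect_breakout(escaper) -> bool:
    """True if the payload closed the meta tag and injected a script element."""
    tags = tokenize(render_meta_redirect(URL_PAYLOAD, escaper))
    return any(tag == "script" for tag, _ in tags)


if __name__ == "__main__":
    for name, esc in (("none", no_escape),
                      ("no single quote", escape_without_single_quote),
                      ("full", escape_full)):
        print(name, "attr breakout:", attr_breakout(esc),
              "redirect breakout:", redirect_breakout(esc))
```

Reading the three rows together: no escaping fails in both contexts; the escaper that skips the single quote passes the double-quoted redirect case and fails the single-quoted attribute, which is why a filter audit has to check every quote character the surrounding templates might use; the full escaper passes both. For a redirect the URL should additionally be validated (scheme and host) before it is rendered at all, since escaping only prevents markup injection, not an open redirect.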
NVD
added 2026/05/19 2:16 p.m.

CVE-2025-40904

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

CVSS 6.5 | EPSS 0.00186
Exploits: 0 | References: 2
NVD
added 2026/05/19 2:16 p.m.

CVE-2025-40901

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

CVSS 5.9 | EPSS 0.00194
Exploits: 0 | References: 2