15775 matches found
Import Export Tools NG security vulnerabilities
Import Export Tools NG is an open-source import and export tool developed by thundernest. Version 10.0.4 of Import Export Tools NG contains a security vulnerability. This vulnerability stems from a persistent HTML injection issue in the email export module, which could allow remote attackers to...
WordPress plugin Kunze Law 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...
CVE-2026-22813
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...
Security Bulletin: Security vulnerabilities have been found in IBM Application Gateway (CVE-2024-26458, CVE-2025-3576, CVE-2025-36397, CVE-2025-36396)
Summary Security vulnerabilities have been addressed in IBM Application Gateway. Vulnerability Details CVEID:CVE-2024-26458 DESCRIPTION: Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CWE:CWE-401: Missing Release of Memory after Effective Lifetime CVSS Source: I...
CVE-2026-22813
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...
CVE-2026-22813 Malicious website can execute commands on the local system through XSS in the OpenCode web UI
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...
CVE-2026-22813 Malicious website can execute commands on the local system through XSS in the OpenCode web UI
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...
CVE-2026-22813
The CVE-2026-22813 issue affects OpenCode, where the markdown renderer for LLM responses does not sanitize HTML, allowing arbitrary HTML/JavaScript to run in the OpenCode web UI at http://localhost:4096. The root cause is lack of DOM sanitization and CSP, enabling XSS that can leverage the localh...
opencode 安全漏洞
opencode is an AI programming intelligence open-sourced by Anomaly. A security vulnerability exists in versions prior to opencode 1.1.10, which stems from the Markdown renderer not cleaning up the LLM response, and could lead to the execution of JavaScript via HTML injection...
CVE-2023-25364
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks...
CVE-2023-29637
Cross Site Scripting XSS vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page...
CVE-2023-50566
A stored cross-site scripting XSS vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...
CVE-2023-49977
A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...
CVE-2023-31434
The parameters nutzertitel, nutzervn, and nutzernn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations...
CVE-2023-4109
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...
CVE-2023-40817
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
CVE-2023-40819
ID4Portais in version V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability...
CVE-2023-40815
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...
CVE-2023-40812
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field...
CVE-2023-40816
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field...