185 matches found
CVE-2026-27746
The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting XSS vulnerability in the prepropre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...
CVE-2026-27746
The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting XSS vulnerability in the prepropre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...
CVE-2026-27746
The CVE-2026-27746 entry concerns the SPIP jeux plugin (versions prior to 4.1.1). Affected component: the pre_propre pipeline, where untrusted request parameters are inserted into HTML output without proper encoding. This results in a reflected XSS vulnerability: when a user visits a crafted URL,...
SPIP 安全漏洞
SPIP is an open-source software for creating Internet websites. Versions of SPIP prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the pre-proprietary pipeline, which combined untrusted request parameters into HTML output, potentially allowing for reflection-ty...
CVE-2026-1437
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1441
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1440
The CVE-2026-1440 entry concerns the Graylog Web Interface console (version 2.2.3) with a Reflected XSS flaw caused by insufficient sanitization/escaping of HTML output. Several endpoints include URL segments directly in responses without proper encoding, enabling an attacker to inject and execut...
CVE-2026-1437
Graylog Web Interface console 2.2.3 contains a reflected XSS flaw due to insufficient sanitization/escaping of HTML output. Several endpoints may echo parts of the URL in responses, enabling arbitrary JavaScript execution when a user visits a crafted URL. The vulnerability could allow script exec...
PT-2026-20394
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1592
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...
CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...
PT-2026-6048
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor Cloud pdfonline versions prior to 2026-02-03 Description Foxit PDF Editor Cloud pdfonline has a stored cross-site scripting issue in the Create New Layer feature. The application embeds unsanitized user input into the HTML...
CVE-2025-21621
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
GHSA-W66H-J855-QR72 GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
Summary A reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLDBODY parameters. Details The WMS service setting that controls HTML...
PT-2025-48090
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
GeoServer 跨站脚本漏洞
GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.25.0, which stems from the presence of reflective cross-site scripting in the WMS...
GHSA-H369-CPJJ-QFFF phppgadmin vulnerable to Cross-site Scripting
phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting XSS vulnerabilities across various components. User-supplied inputs from $REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...
phppgadmin vulnerable to Cross-site Scripting
phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting XSS vulnerabilities across various components. User-supplied inputs from $REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...