Roundcube Webmail Cross-Site Scripting Vulnerability
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7, which stems from...
Discourse Cross-Site Scripting Vulnerability (CNVD-2026-17264)
Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the onebox method in the SharedAiConversation model rendering...
Dependency-Track Front-End Cross-Site Scripting Vulnerability
Dependency-Track Front-End is the open source front-end UI for the Dependency-Track dependency tracking platform. A cross-site scripting vulnerability exists in Dependency-Track Front-End versions 4.12.0 through prior to 4.13.6, which stems from improper HTML sanitization and could lead to arbitrary JavaScript...
Emlog Pro Security Vulnerability
Emlog Pro is a blogging system from Emlog Open Source. A security vulnerability exists in Emlog Pro version 2.5.19, which stems from an email template configuration component that does not properly sanitize its HTML code and could lead to a stored cross-site scripting attack...
Malicious code in raptor-html-cleanup-transform (npm)
The package raptor-html-cleanup-transform was found to contain malicious code...
Zimbra Collaboration Security Vulnerability
Zimbra Collaboration is an open source enterprise email and collaboration platform from Zimbra that supports email, calendar, document management and team collaboration features. A security vulnerability exists in Zimbra Collaboration versions 8.8.15, 9.0, 10.0, and 10.1, which is caused by a...
CVE-2024-45800
SnappyMail is an open source web-based email client. SnappyMail uses the cleanHtml function to clean up HTML and CSS in emails. Research discovered that the function has a few bugs which cause a mutation XSS (mXSS) exploit. Because the function allowed too many invalid HTML elements, it was possible with...
Zimbra Collaboration Security Vulnerability
Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A security vulnerability exists in Zimbra Collaboration that stems from insufficient HTML content...
marp-core Cross-Site Scripting Vulnerability
marp-core is the open source core of the Marp converter. A cross-site scripting vulnerability exists in marp-core versions v3.0.2 through v3.9.0 and v4.0.0, which stems from improper neutralization of input during HTML sanitization and allows cross-site scripting attacks...
JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2025-16702)
JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...
JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2025-16703)
JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...
insane Security Vulnerability
insane is a lightweight, configurable allowlist-based HTML sanitizer from the individual developer Nicolás Bevacqua. A security vulnerability exists in insane version 2.6.2 and prior versions, which stems from a regular expression denial of service (ReDoS) condition...
ROS-20241001-15
A vulnerability in the configuration handling of Rails Html Sanitizer, the HTML sanitization library for Rails applications, is related to the incorrect handling of select and style elements when the allowed tags are overridden. Exploitation of the vulnerability could allow an attacker acting remotely to perfor...
ZITADEL Security Vulnerabilities
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from improper HTML cleanup that allows an attacker to...
Mastodon Cross-Site Scripting Vulnerability
Mastodon is an open source social network server based on ActivityPub. A cross-site scripting vulnerability exists in Mastodon versions prior to 3.5.14, prior to 4.0.10, prior to 4.1.8, and prior to 4.2.0-rc2, which stems from the fact that under certain circumstances, an attacker can abuse the...
RainLoop Webmail Cross-Site Scripting Vulnerability
RainLoop Webmail is a web-based email client software. A cross-site scripting vulnerability exists in RainLoop Webmail 1.6.0 and earlier versions, which stems from a failure to properly sanitize HTML content, and can be exploited by an attacker to take control of a victim's sessio...
Open-Xchange OX App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange, a German company. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite versions 7.10.6 and below, which stems from the ability to bypass existing HTML file cleanup and filtering...
BookWyrm Cross-Site Scripting Vulnerability
BookWyrm is a social reading platform. A cross-site scripting vulnerability exists in BookWyrm versions prior to 0.4.1, which stems from not properly sanitizing the HTML presented to the user, and which an attacker can exploit to perform cross-site scripting attacks...
Joplin Cross-Site Scripting Vulnerability (CNVD-2022-66492)
Joplin is an open source notes and to-do list application. Versions prior to Joplin Desktop App 1.8.5 are affected by a cross-site scripting vulnerability, which stems from improper HTML sanitization and can be exploited to execute arbitrary code...