187 matches found
CVE-2026-22210 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...
Cross-site Scripting (XSS)
Overview net.sourceforge.pmd:pmd-core is an extensible multilanguage static code analyzer. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the vbhtml or yahtml report formats, which include rule violation messages in HTML output, in renderFileViolations and...
CVE-2026-27746
The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting XSS vulnerability in the prepropre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...
CVE-2026-27746
The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting XSS vulnerability in the prepropre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...
CVE-2026-27746
The CVE-2026-27746 entry concerns the SPIP jeux plugin (versions prior to 4.1.1). Affected component: the pre_propre pipeline, where untrusted request parameters are inserted into HTML output without proper encoding. This results in a reflected XSS vulnerability: when a user visits a crafted URL,...
SPIP 安全漏洞
SPIP is an open-source software for creating Internet websites. Versions of SPIP prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the pre-proprietary pipeline, which combined untrusted request parameters into HTML output, potentially allowing for reflection-ty...
CVE-2026-1437
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1441
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1440
The CVE-2026-1440 entry concerns the Graylog Web Interface console (version 2.2.3) with a Reflected XSS flaw caused by insufficient sanitization/escaping of HTML output. Several endpoints include URL segments directly in responses without proper encoding, enabling an attacker to inject and execut...
CVE-2026-1437
Graylog Web Interface console 2.2.3 contains a reflected XSS flaw due to insufficient sanitization/escaping of HTML output. Several endpoints may echo parts of the URL in responses, enabling arbitrary JavaScript execution when a user visits a crafted URL. The vulnerability could allow script exec...
PT-2026-20394
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1592
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...
CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...
PT-2026-6048
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor Cloud pdfonline versions prior to 2026-02-03 Description Foxit PDF Editor Cloud pdfonline has a stored cross-site scripting issue in the Create New Layer feature. The application embeds unsanitized user input into the HTML...
CVE-2025-21621
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
GHSA-W66H-J855-QR72 GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
Summary A reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLDBODY parameters. Details The WMS service setting that controls HTML...
PT-2025-48090
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
GeoServer 跨站脚本漏洞
GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.25.0, which stems from the presence of reflective cross-site scripting in the WMS...