128 matches found
EUVD-2026-41433
Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...
PT-2026-55302
Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 15.0.3 Description Authenticated attackers can execute arbitrary JavaScript in the browsers of other users. This occurs when the DEFAULT SHOW FULL NAME option is enabled and an attacker sets a full name containing an...
EUVD-2026-40945
In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...
CVE-2026-13323
In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...
PT-2026-54628
Name of the Vulnerable Software and Affected Versions Open VSX Registry versions prior to 1.0.2 Description The '/vscode/unpkg/' endpoint serves user-supplied HTML files with a text/html Content-Type and lacks a Content-Security-Policy or Content-Disposition: attachment response header. This allo...
CVE-2026-52807
Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...
CVE-2026-44727
Jupyter Server (prior to 2.20) is affected by a stored XSS in the nbconvert HTML export path. The nbconvert HTTP handlers NbconvertFileHandler and NbconvertPostHandler render notebook HTML under the Jupyter origin without a sandbox directive in Content-Security-Policy, and NbconvertHTMLExporter’s...
CVE-2026-56395 SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...
CVE-2026-4344
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...
CVE-2026-44482
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
CVE-2026-41552
PDF Export Module used in DHTMLX’s Gantt and Scheduler is vulnerable to path traversal due to insufficient HTML sanitization. An unauthenticated user could craft a payload that references local server files and renders them in the generated PDF. The issue is fixed in PDF Export Module version 0.7...
CVE-2026-44482
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
EUVD-2026-30300
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
WWBN AVideo has Stored XSS via Unanchored Duration Regex in Video Encoder Receiver
Summary The isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the database and rendered without HTML escaping via echo...
EUVD-2026-22276
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4344
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...
CVE-2026-4345
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...
PT-2026-32645
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...
CVE-2026-35218
Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names tables, views, queries, automations using Svelte's @html directive without any sanitization. An authenticated user with Builder access can create a table, automation, vie...
CVE-2026-35218
Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names tables, views, queries, automations using Svelte's @html directive without any sanitization. An authenticated user with Builder access can create a table, automation, vie...