CVE-2026-8012

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

Cross-site Scripting (XSS)

Overview ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An attacker can execute...

Cross-site Scripting (XSS)

Overview org.webjars.npm:ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An...

PT-2026-37247

Name of the Vulnerable Software and Affected Versions LobeHub versions prior to 2.1.48 Description A stored cross-site scripting XSS issue exists in the message rendering mechanism. When processing custom tags in the src/features/Portal/Artifacts/Body/Renderer/index.tsx render process, the softwa...

PT-2026-35065

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.5 Description SiYuan desktop renders notification messages as raw HTML within an Electron renderer. The API endpoint '/api/notification/pushMsg' accepts a user-controlled msg value, which is forwarded through the...

CVE-2026-40472

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks...

CVE-2026-3673

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

CVE-2026-3673

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

PT-2026-33923

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

EUVD-2026-23513

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

GHSA-6F54-QJVM-WWQ3 wger has Stored XSS via Unescaped License Attribution Fields

Stored XSS via Unescaped License Attribution Fields Summary The AbstractLicenseModel.attributionlink property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields licenseauthor, licensetitle, licenseobjecturl, licenseauthorurl, licensederivativesourceur...

PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)

Summary The Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml. When nh3 is absent the default installation, the...

CVE-2026-40112 PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

CVE-2026-40112

PraisonAI (multi-agent system) is affected by a Stored XSS in the Flask API before version 4.5.128. The /src/praisonai/api.py endpoint renders agent output as HTML using a _sanitize_html routine that relies on the nh3 library, which is not declared as a required/optional dependency in pyproject.t...

PraisonAI 跨站脚本漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a cross-site scripting vulnerability. This vulnerability stemmed from Flask API endpoints rendering HTML, where cleanup operations were ineffective, allowing...

CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary The Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo-content. An authenticated...

PT-2026-31431

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

CVE-2026-33664 Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields

Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

PT-2026-28508

Name of the Vulnerable Software and Affected Versions Kestra versions up to and including 1.3.3 Description Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields – description, inputs.displayName,...