Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the /admin/pages/[page] endpoint, which allows an attacker to inject malicious scripts via the data[header][content][items] parameter...
CVE-2025-66309
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This...
GHSA-65MJ-F7P4-WGGQ Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab
Summary A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][content][items] parameter. --- Details Vulnerable Endpoint: GET /admin/pages/[page]...
CVE-2025-66309 Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This...
CVE-2025-66309
Grav admin plugin (admin/pages/[page]) is affected by a Reflected XSS in the data[header][content][items] parameter of GET /admin/pages/[page]. The issue stems from insufficient input validation/sanitization and is fixed in Grav 1.11.0-beta.1. Multiple sources describe the vulnerability and inclu...
EUVD-2022-6435
Malicious code in bioql PyPI...
Security Bulletin: IBM i is vulnerable to a host header injection attack due to improper neutralization of HTTP header content by IBM Navigator for i [CVE-2025-2950].
Summary IBM i is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the...
CVE-2024-23308
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
CVE-2023-6953
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...
SUSE CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests...
Cross-site Scripting (XSS)
Overview markdown-it-toc is a package that adds syntax for an automatically generated table of contents to the markdown-it markdown parser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The title of the generated toc and the contents of the header are not escaped. PoC // XSS from...
Mail.ru: Web Cache Poisoning
Reverse proxy cache poisoning via host header content could lead to stored XSS in uxui.geekbrains.ru...