35 matches found

Github Security Blog
added 2026/05/08 8:19 p.m. | 8 views

Wagtail has improper permission handling when viewing page history

Impact: A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. Patches: Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix...

CVSS 4.3 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/04/14 6:30 p.m. | 2 views

EUVD-2026-22282

FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View...

CVSS 9 | AI score 5.8 | EPSS 0.00022
Exploits: 1 | References: 3

RedhatCVE
added 2026/02/03 9:19 p.m. | 2 views

CVE-2026-23997

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

CVSS 9 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 1

NVD
added 2026/02/02 11:16 p.m. | 5 views

CVE-2026-23997

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

CVSS 9 | EPSS 0.00019
Exploits: 1 | References: 1

ATTACKERKB
added 2026/02/02 8:19 p.m. | 3 views

CVE-2026-23997

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

CVSS 8 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/02 8:19 p.m. | 2 views

CVE-2026-23997 FacturaScripts has a Stored Cross-Site Scripting (XSS) in "Observations" field via History View

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

CVSS 8 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 1

OSV
added 2026/02/02 8:19 p.m. | 2 views

CVE-2026-23997 FacturaScripts has a Stored Cross-Site Scripting (XSS) in "Observations" field via History View

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

CVSS 8 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 3

Cvelist
added 2026/02/02 8:19 p.m. | 31 views

CVE-2026-23997 FacturaScripts has a Stored Cross-Site Scripting (XSS) in "Observations" field via History View

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

CVSS 8 | EPSS 0.00019
Exploits: 1 | References: 1

CVE
added 2026/02/02 8:19 p.m. | 6 views

CVE-2026-23997

CVE-2026-23997: FacturaScripts has a Stored Cross-Site Scripting (XSS) in the Observations field via the History view. In affected versions (2025.71 and earlier), data rendered in History is not HTML-encoded, allowing an attacker with note-editing permissions to inject JavaScript that executes i...

CVSS 9 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/02/02 6:17 p.m. | 3 views

GHSA-4V7V-7V7R-3R5H FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View

Summary: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity encoding. This allows an attacker to execute arbitrary JavaScript in the browser of viewing the histo...

CVSS 8 | AI score 6.1 | EPSS 0.00019
Exploits: 1 | References: 3

Github Security Blog
added 2026/02/02 6:17 p.m. | 5 views

FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View

Summary: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity encoding. This allows an attacker to execute arbitrary JavaScript in the browser of viewing the histo...

CVSS 9 | AI score 6.2 | EPSS 0.00019
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2026/02/02 6:17 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Observations field in the History view. An attacker can execute arbitrary JavaScript code in the context of an administrator's browser session by injecting malicious scripts into the Observations field,...

CVSS 9 | AI score 5.6 | EPSS 0.00019
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/02 12:0 a.m. | 5 views

PT-2026-5714

Name of the Vulnerable Software and Affected Versions: FacturaScripts versions 2025.71 and earlier
Description: FacturaScripts software contains a Stored Cross-Site Scripting (XSS) flaw within the Observations field in the History view. The application fails to properly encode HTML entities when...

CVSS 8 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 8

CNNVD
added 2026/02/02 12:0 a.m. | 2 views

FacturaScripts Cross-Site Scripting Vulnerability

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.71 contained a cross-site scripting vulnerability. This vulnerability occurred due to improper HTML entity encoding during the rendering of historical data in th...

CVSS 9 | AI score 5.7 | EPSS 0.00019
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-0004

Malware in sbrugna...

CVSS 4 | AI score 6 | EPSS 0.00245
Exploits: 1 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-16050

Malicious code in bioql PyPI...

CVSS 3.3 | AI score 6.6 | EPSS 0.00046
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-13593

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00196
Exploits: 0 | References: 1

RedHat Linux
added 2025/09/22 9:58 a.m. | 3 views

rhel-lightspeed: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or...

CVSS 7.7 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 4

NVD
added 2025/05/21 6:15 p.m. | 13 views

CVE-2025-48064

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...

CVSS 3.3 | EPSS 0.00046
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/21 5:40 p.m. | 13 views

CVE-2025-48064 GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...

CVSS 3.3 | AI score 4 | EPSS 0.00046
Exploits: 0 | References: 1