Lucene search
K

424 matches found

Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.10 views

PT-2026-41392

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 2026.5 Description The live search preview renders the source and context variables as HTML without proper escaping. This allows a contributor to store HTML and CSS that executes within the authenticated editor of any...

4.6CVSS5.5AI score0.00208EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the XLSX.utils.sheettohtml function, which was rendered using @html excelHtml without...

5.4CVSS5.6AI score0.00209EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/14 8:18 p.m.13 views

Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)

Related advisory This advisory tracks a regression of the original Excel-preview XSS that was publicly disclosed and patched under GHSA-jwf8-pv5p-vhmc patched in v0.8.0. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify — was reintroduced sometime...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/14 8:18 p.m.8 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of user-uploaded Office files as HTML using the Svelte @html directive without proper sanitization. An attacker can execute arbitrary JavaScript in the context of oth...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:18 p.m.6 views

GHSA-HCWP-82G6-8WXC Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)

Related advisory This advisory tracks a regression of the original Excel-preview XSS that was publicly disclosed and patched under GHSA-jwf8-pv5p-vhmc patched in v0.8.0. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify — was reintroduced sometime...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/14 8:16 p.m.12 views

Open WebUI has stored XSS via the HTML renedering view

Summary Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Op...

7.7CVSS6AI score0.00217EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/05/14 8:16 p.m.11 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML rendering view. An attacker can execute arbitrary HTML or JavaScript in the user's context by injecting malicious scripts into embedded file in the chat that later shared...

9.3CVSS5.9AI score0.00217EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:16 p.m.7 views

GHSA-4VRC-M9CH-6M3R Open WebUI has stored XSS via the HTML renedering view

Summary Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Op...

7.7CVSS6AI score0.00217EPSS
Exploits1References3
CVE
CVE
added 2026/05/14 3:39 p.m.18 views

CVE-2026-42159

CVE-2026-42159 affects Flowsint, an open-source OSINT graph exploration tool. A remote attacker can create a node whose description contains arbitrary HTML; when selected, the node renders that HTML and may trigger stored XSS. The issue resides in sketches and their nodes/relationships where desc...

5.4CVSS6AI score0.00192EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:54 p.m.9 views

CVE-2026-45228

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 7:16 p.m.8 views

CVE-2026-8012

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

5.4CVSS0.00139EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 9:50 p.m.14 views

Cross-site Scripting (XSS)

Overview ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An attacker can execute...

6.1CVSS5.8AI score0.00471EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/05 9:50 p.m.10 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An...

8.1CVSS5.9AI score0.00471EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37247

Name of the Vulnerable Software and Affected Versions LobeHub versions prior to 2.1.48 Description A stored cross-site scripting XSS issue exists in the message rendering mechanism. When processing custom tags in the src/features/Portal/Artifacts/Body/Renderer/index.tsx render process, the softwa...

6.2CVSS6.5AI score0.00266EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35065

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.5 Description SiYuan desktop renders notification messages as raw HTML within an Electron renderer. The API endpoint '/api/notification/pushMsg' accepts a user-controlled msg value, which is forwarded through the...

8.8CVSS5.3AI score0.00134EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/23 3:0 p.m.6 views

CVE-2026-40472

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks...

9.9CVSS5.8AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 8:16 p.m.5 views

CVE-2026-3673

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

5.4CVSS0.00201EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:32 p.m.9 views

CVE-2026-3673

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

4.6CVSS5.9AI score0.00201EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-33923

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

5.1CVSS6AI score0.00343EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 8:29 p.m.6 views

EUVD-2026-23513

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

3.1CVSS5.7AI score0.00168EPSS
Exploits1References1
Rows per page
Query Builder