424 matches found
PT-2026-41392
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 2026.5 Description The live search preview renders the source and context variables as HTML without proper escaping. This allows a contributor to store HTML and CSS that executes within the authenticated editor of any...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the XLSX.utils.sheettohtml function, which was rendered using @html excelHtml without...
Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)
Related advisory This advisory tracks a regression of the original Excel-preview XSS that was publicly disclosed and patched under GHSA-jwf8-pv5p-vhmc patched in v0.8.0. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify — was reintroduced sometime...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of user-uploaded Office files as HTML using the Svelte @html directive without proper sanitization. An attacker can execute arbitrary JavaScript in the context of oth...
GHSA-HCWP-82G6-8WXC Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)
Related advisory This advisory tracks a regression of the original Excel-preview XSS that was publicly disclosed and patched under GHSA-jwf8-pv5p-vhmc patched in v0.8.0. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify — was reintroduced sometime...
Open WebUI has stored XSS via the HTML renedering view
Summary Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Op...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML rendering view. An attacker can execute arbitrary HTML or JavaScript in the user's context by injecting malicious scripts into embedded file in the chat that later shared...
GHSA-4VRC-M9CH-6M3R Open WebUI has stored XSS via the HTML renedering view
Summary Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Op...
CVE-2026-42159
CVE-2026-42159 affects Flowsint, an open-source OSINT graph exploration tool. A remote attacker can create a node whose description contains arbitrary HTML; when selected, the node renders that HTML and may trigger stored XSS. The issue resides in sketches and their nodes/relationships where desc...
CVE-2026-45228
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
CVE-2026-8012
Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
Cross-site Scripting (XSS)
Overview ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An attacker can execute...
Cross-site Scripting (XSS)
Overview org.webjars.npm:ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An...
PT-2026-37247
Name of the Vulnerable Software and Affected Versions LobeHub versions prior to 2.1.48 Description A stored cross-site scripting XSS issue exists in the message rendering mechanism. When processing custom tags in the src/features/Portal/Artifacts/Body/Renderer/index.tsx render process, the softwa...
PT-2026-35065
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.5 Description SiYuan desktop renders notification messages as raw HTML within an Electron renderer. The API endpoint '/api/notification/pushMsg' accepts a user-controlled msg value, which is forwarded through the...
CVE-2026-40472
In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks...
CVE-2026-3673
An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...
CVE-2026-3673
An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...
PT-2026-33923
Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
EUVD-2026-23513
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...