Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderadmonition, renderfigure, and blockerror rendering paths in the HTML output components. An attacker can inject arbitrary HTML by supplying crafted admonition classes, figure classes, or widths, or...

EUVD-2026-28501

wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0...

GHSA-QJV7-627W-8QJV Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

PT-2026-6747

Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 Description Asterisk is a private branch exchange and telephony...