CVE-2025-61655

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js,...

CVE-2025-61657

CVE-2025-61657 is an XSS vulnerability in the Wikimedia Foundation Vector UI skin, specifically related to resources/skins.Vector.Js/stickyHeader.Js. Affected: Vector prior to 1.43.4 and 1.44.1. Root cause: improper neutralization of input during web page generation. Impact and exploitability are...

CVE-2025-61644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper input...

CVE-2025-61645 CodexTablePager has i18n XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: from before 1.44.1...

CVE-2025-61644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...

PT-2026-6001

Name of the Vulnerable Software and Affected Versions Kod8 Individual and SME Website versions through 03022026 Description The Kod8 Individual and SME Website software contains a flaw related to improper neutralization of input during web page generation, leading to a Reflected Cross-Site...

CVE-2025-61637

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

Improper Neutralization of Input Used for LLM Prompting

Overview omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting. LLM prompt construction fails to sanitize user-controlled...

CVE-2026-0805

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

EUVD-2026-5044

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

PT-2026-5381

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization issue exists in the File Operations API Endpoint component of Crafty Controller. A remote, authenticated attacker can exploit this to perform file tampering...

CVE-2025-13981

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS.This issue affects AI Artificial Intelligence: from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4...

CVE-2025-13983

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.44...

CVE-2025-13983

Summary of CVE-2025-13983 (Drupal Tagify XSS) A Cross-Site Scripting vulnerability affects the Drupal Tagify module, specifically Tagify up to version 1.2.43 (i.e., before 1.2.44). The root cause is improper neutralization of input during web page generation, which can allow attackers to inject s...

CVE-2025-13981

CVE-2025-13981 describes a Cross-Site Scripting (XSS) vulnerability in the Drupal AI module (Artificial Intelligence) caused by improper neutralization of input during web page generation. Affected versions are: 0.0.0 before 1.0.7, 1.1.0 before 1.1.7, and 1.2.0 before 1.2.4. The provided document...

CVE-2025-13981

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS.This issue affects AI Artificial Intelligence: from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4...

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...