WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of user input in the plugin/Meet/iframe.php file, which could allo...

📄 Car Rental Script 4.0 Cross Site Scripting

Car Rental Script version 4.0 suffers from a cross site scripting vulnerability. Titles: Car-Rental-Script4.0-XSS-Reflected Cross-site scripting reflected Author: nu11secur1ty Date: 05/08/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference:...

EUVD-2022-55982

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page setting...

EUVD-2021-34791

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery...

CVE-2022-50959

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the formid parameter. Attackers can craft malicious URLs to codegenerator.php with script payloads in the formid parameter t...

CVE-2022-50945

WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dadyinputtext or dady2inputtext fields via...

CVE-2022-50945

CVE-2022-50945 : WordPress plugin “3dady Real-Time Web Stats” v1.0 contains a stored cross-site scripting (XSS) vulnerability. Unsanitized inputs in dady_input_text and dady2_input_text (via the plugin options panel) allow authenticated attackers to inject JavaScript that executes when the page i...

PT-2026-39505

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery...

SUSE CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...

CVE-2026-42794

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

CVE-2026-41512

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

CVE-2026-41512 Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

EUVD-2026-28599

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

CVE-2026-41512

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

CVE-2026-41512 Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

CVE-2026-41512

ai-scanner (built on NVIDIA garak) contains a remote code execution vulnerability in versions 1.0.0 up to before 1.4.1, caused by JavaScript injection in BrowserAutomation::PlaywrightService. A patch is available in v1.4.1. CVSSv3.1 metrics in the entry indicate a CRITICAL base score (9.9) with n...

SUSE CVE-2026-23928

The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...

Scanner 代码注入漏洞

Scanner is an AI model security assessment tool developed by 0DIN.ai. Versions 1.0.0 to 1.4.1 of Scanner contained a code injection vulnerability. This vulnerability originated from JavaScript injection in BrowserAutomation::PlaywrightService, which could lead to remote code execution...

PT-2026-38966

Name of the Vulnerable Software and Affected Versions ai-scanner versions 1.0.0 through 1.4.0 Description Remote code execution is possible via JavaScript injection in the BrowserAutomation::PlaywrightService function. This software is an AI model safety scanner built on NVIDIA garak...