CVE-2026-56698

Nuxt CVE-2026-56698 affects Nuxt 4.0.0–4.4.6 and 3.x up to 3.21.6 (versions before the fixed releases). The navigateTo open option fails to validate script-capable URLs, allowing attacker-controlled javascript: URLs to execute arbitrary scripts in the application's origin when user input is passe...

CVE-2026-8833

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

CVE-2026-8833 XSS in urls

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

CVE-2026-41063

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

CVE-2026-35451

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover

Summary A stored cross-site scripting XSS vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...

Astra Linux – Vulnerability in jsoup

jsoup is a Java HTML parser designed for HTML editing, cleaning, scraping, and XSS Cross-Site Scripting protection. However, jsoup may incorrectly sanitize HTML containing javascript: URLs, which could allow XSS attacks when a user clicks on those links. If the non-default...

CVE-2026-41063 WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS)

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

CVE-2026-41063

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

CVE-2026-41063

CVE-2026-33500 / CVE-2026-41063 (AVideo) : In versions up to 26.0, WWBN AVideo’s custom ParsedownSafeWithLinks sanitizes raw HTML but does not override inlineLink() and inlineUrlTag() in the base Parsedown, so markdown links using [text](javascript:…) or bypass sanitization. Public docs confirm ...

PT-2026-34208

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description An incomplete fix for cross-site scripting in the ParsedownSafeWithLinks class allows the use of javascript: URLs in markdown link syntax to bypass sanitization. This occurs because the...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete XSS repairs in the ParsedownSafeWithLinks class, as well as the lack of coverage for...

CVE-2026-40322 SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An attacker can execute arbitrary JavaScript in the context...

USN-8181-1 libowasp-esapi-java vulnerabilities

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to control-flow bypass. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,...

PT-2026-33374

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description Mermaid diagrams are rendered with the securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code bloc...

SiYuan 安全漏洞

SiYuan is an open-source privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from Mermaid charts being rendered with a relaxed security level, and the generated SVG...

CVE-2026-4120

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the btnUrl parameter in the Info Cards block for all versions up to 2.0.7. Insufficient input validation on URL schemes allows javascript: URLs to slip through the JSON data p...

CVE-2026-4120 Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the...

Stored-XSS-in-node-html-markdown-2.0.0

Stored XSS in node-html-markdown ≤ 2.0.0 Overview This re...