90 matches found
CVE-2026-48952
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
EUVD-2026-42070
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952
CVE-2026-48952 affects Joomla core, specifically the com_installer update list view. Root cause is lack of escaping, resulting in an XSS vulnerability. CVSS 4.0 base score 8.4 ( HIGH ) with network attack vector, low attack complexity, high impact to confidentiality and integrity, and low impact ...
PT-2026-56225
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in the update list view of the com installer component leads to a Cross-Site Scripting XSS issue. XSS is a flaw that allows an attacker to inject malicious scripts into...
CVE-2026-53568
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...
EUVD-2026-36460
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...
CVE-2026-53568
Frappe stored XSS CVE-2026-53568 affects the Frappe full-stack web framework. A stored XSS vulnerability exists in the Report/List View via the set_link_title_field_value path, impacting versions prior to 15.107.2 and 16.17.4. The issue has been patched in those versions (15.107.2 and 16.17.4). P...
PT-2026-48917
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...
CVE-2026-47716
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...
CVE-2026-47716
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...
[20260706] - Core - XSS in com_installer
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-2396
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress List View Google Calendar plugin <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Event Description vulnerability discovered by Pattama Tangpoonponwiwat Kwan - - in WordPress Plugin List View Google Calendar versions = 7.4.3...
WordPress plugin List View Google Calendar 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-2396
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...