CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

ROS-20260417-73-0044

Vulnerability in glpi due to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260417-73-0046

Vulnerability in glpi due to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2024-4867

The CVE-2024-4867 entry describes a cross-site scripting (XSS) vulnerability in the WSO2 API Manager developer portal. User-supplied input is not properly validated or output-encoded, enabling injection of script content executed in the user’s browser. Exploitation can cause the UI to redirect to...

WSO2 API Manager 安全漏洞

The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager developer portal. This vulnerability stems from the lack of enforceable validation constraints on user inputs and output...

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...

SUSE CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

DEBIAN-CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

EUVD-2025-209388

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

PT-2026-31638

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

Improper Privilege Management

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...

CVE-2026-34561

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...

CVE-2026-34564

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Manageme...

CVE-2026-34566

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Categories section of blog management. An attacker can execute arbitrary JavaScript in the context of other users by...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the menu management process when user-controlled input is added to navigation menus via the Posts section and rendered without proper output...