9 matches found
CVE-2026-41929
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...
EUVD-2026-28459
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...
CVE-2026-41929
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...
CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...
CVE-2026-41929
CVE-2026-41929 affects Vvveb prior to 1.0.8.2, where an unauthenticated reflected XSS can be triggered via the visual editor preview renderer by manipulating the r query parameter and _component_ajax POST data. The root cause is inadequate input handling: isEditor() lacks session/role/token check...
Vvveb 跨站脚本漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 had a cross-site scripting vulnerability. This vulnerability stemmed from an unvalidated reflective cross-site scripting flaw in the...
PT-2026-38586
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description An unauthenticated reflected cross-site scripting issue exists in the visual editor preview renderer. Attackers can execute arbitrary JavaScript by manipulating the r query parameter and component aj...
TYPO3 cross-site scripting vulnerability (CNVD-2021-22140)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Typo3 Association. A cross-site scripting vulnerability exists in TYPO3 Core that stems from insufficient handling of user-supplied data in the Content Preview Renderer component. No detailed...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Typo3 Association. A cross-site scripting vulnerability exists in TYPO3 Core that stems from insufficient handling of user-supplied data in the Content Preview Renderer component. No detailed...