CVE-2025-67202

A flaw was found in Sidekiq-cron, an open-source scheduling add-on for Sidekiq. A remote attacker could exploit this cross-site scripting XSS vulnerability by injecting malicious scripts into a crafted URL. When this URL is rendered from cron.erb, the attacker's script would execute in the victim...

CVE-2026-8539

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

PT-2026-41068

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Script injection in the SanitizerAPI allows a remote attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, which is a vulnerability...

SUSE CVE-2026-7939

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-27981

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7939

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7953

CVE-2026-7953 describes UXSS in Google Chrome due to insufficient validation of untrusted input in the Omnibox. Affects Chrome versions prior to 148.0.7778.96; exploitation would require malicious network traffic to inject scripts/HTML. The linked PT-2026-38146 and OSV/NVD entries confirm the sam...

Google Chrome 跨站脚本漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a cross-site scripting vulnerability. This vulnerability stemmed from improper implementation of MHTML, and it could allow remote attackers to inject arbitrary scripts or HTML through...

Google Chrome 跨站脚本漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a cross-site scripting vulnerability. This vulnerability stemmed from improper implementation of the Sanitizer API, which could allow remote attackers to inject arbitrary scripts or HTML...

Astra Linux - уязвимость в chromium

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

Astra Linux - уязвимость в chromium

Insufficient data validation in the New Tab Page of Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML into a new browser tab through a crafted HTML page...

Astra Linux - уязвимость в chromium

Insufficient data validation in the Browser Switcher component of Google Chrome prior to version 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...

SUSE CVE-2026-5899

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

Cross-site Scripting (XSS)

Overview org.webjars.npm:rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the History Navigation policy, which could allow remote attackers to inject arbitrary scripts or...

SourceCodester Zoo Management System 安全漏洞

The SourceCodester Zoo Management System is an open-source zoo management system developed by SourceCodester. Version 1.0 of the SourceCodester Zoo Management System contains a security vulnerability. This vulnerability stems from a reflection cross-site scripting vulnerability in the msg paramet...

CVE-2026-30564

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewpayments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

CVE-2026-30556

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

CVE-2026-30565

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewsupplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

PT-2026-29033

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script ...