Lucene search
K

84 matches found

Nuclei
Nuclei
added 4 hours ago4 views

SiYuan <= v3.5.9 - Cross Site Scripting

SiYuan v3.5.10 contains a reflected XSS caused by improper sanitization of javascript: href attributes allowing ASCII control characters to bypass prefix checks in SVG sanitizer, letting unauthenticated attackers execute JavaScript via /api/icon/getDynamicIcon. id: CVE-2026-31809 info: name: SiYu...

6.4CVSS7.3AI score0.00505EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/05 8:9 p.m.56 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

8.7CVSS5.4AI score0.00191EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 8:9 p.m.22 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00191EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-43900

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

9.3CVSS5.8AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 9:31 p.m.9 views

GHSA-WJ3Q-VW2V-3RJ3 Duplicate Advisory: phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-whqh-9pq5-c7r3. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that...

5.4CVSS5.5AI score0.00153EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 7:17 p.m.21 views

CVE-2026-46360

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

5.4CVSS0.00153EPSS
Exploits0References2
CVE
CVE
added 2026/05/15 6:36 p.m.17 views

CVE-2026-46360

CVE-2026-46360 : phpMyFAQ

5.4CVSS5.9AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.9 views

PT-2026-41362

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ EDIT permission can upload malicious SVG files with deeply...

5.4CVSS5.9AI score0.00153EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 9:42 p.m.41 views

CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

9.3CVSS0.00306EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 9:42 p.m.11 views

CVE-2026-43900

DeepChat vuln CVE-2026-43900 affects the SvgArtifact rendering path. The sanitizer in src/main/lib/svgSanitizer.ts scrubs javascript: protocols with plain-text regex but fails to account for HTML entity decoding before Vue’s v-html insertion in SvgArtifact.vue. Crafting an SVG artifact with obfus...

9.3CVSS6AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

DeepChat 跨站脚本漏洞

DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the discrepancy between the backend validation layer and the front-end browser rendering engin...

9.3CVSS5.9AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.8 views

CVE-2026-40301

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows...

4.7CVSS5.7AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 3:16 p.m.6 views

CVE-2026-34974

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes...

5.4CVSS0.00176EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/02 2:48 p.m.19 views

CVE-2026-34974 phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes...

5.4CVSS0.00176EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 11:42 p.m.6 views

GHSA-5CRX-PFHQ-4HGG phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation

Summary The regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from...

5.4CVSS6.1AI score0.00176EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/01 11:42 p.m.5 views

Cross-site Scripting (XSS)

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS in the isSafe function of the SVG sanitizer process. An attacker can execute arbitrary JavaScript in the context of an...

5.4CVSS6AI score0.00176EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-31809

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...

9.3CVSS5.8AI score0.00625EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.7 views

SUSE CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS5.9AI score0.00445EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.4 views

SUSE CVE-2026-31809

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...

6.4CVSS5.9AI score0.00505EPSS
Exploits1References3
OSV
OSV
added 2026/03/12 8:57 p.m.9 views

GO-2026-4669 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel

SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References3
Rows per page
Query Builder