CVE-2026-20976
Galaxy Store (Samsung) before version 4.6.02 suffers from improper input validation that allows a local attacker to execute arbitrary scripts. Affected product/version details are consistently reported across CVE entries and Red Hat/CIRCL/CNNVD mirrors indicate Galaxy Store prior to 4.6.02 is vul...
PT-2026-2057
Name of the Vulnerable Software and Affected Versions: Samsung Galaxy Store versions prior to 4.6.02. Description: A flaw exists in the Galaxy Store application where insufficient input validation can allow a local attacker to execute arbitrary script. The issue affects the Galaxy Store application...
SAMSUNG Galaxy Store Security Vulnerability
SAMSUNG Galaxy Store is an application store by Samsung South Korea. A security vulnerability exists in SAMSUNG Galaxy Store versions prior to 4.6.02 that stems from improper input validation and could lead to the execution of arbitrary scripts...
CVE-2026-22028
A flaw was found in Preact, a lightweight web development framework. A security regression allows an attacker to bypass JSON serialization protection, leading to HTML injection. This vulnerability arises when applications process unsanitized data from external sources, allowing malicious JSON to ...
CVE-2019-25270
SOCA Access Control System 180612 is affected by a reflected XSS in the senddata POST parameter of logged_page.php (also referred to as logged page.php in PT-2026-1674). The root cause is improper handling/encoding of user-supplied data, allowing attackers to inject and execute arbitrary HTML/scr...
CVE-2022-27231
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product...
CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?addproduct of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field...
CVE-1999-0268
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts...
phpMyFAQ XSS Vulnerability (GHSA-jv8r-hv7q-p6vc)
phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpmyfaq:phpmyfaq"...
Malicious code in pycolorom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6babcee81c12759b66be4c0a8ba33c3f0272b052a47fda31227f4a6087ba8e5b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the variableSave function of the /admin/system/variableList.do endpoint when handling the Description argument. An attacker can inject and execute arbitrary scripts in the context of a user's browser by...
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS
Bagisto is an open source Laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...
CVE-2025-45286
CVE-2025-45286: A cross-site scripting (XSS) vulnerability affects the Go-based web framework/application mccutchen httpbin version 2.17.1. The issue allows an attacker to inject arbitrary web scripts or HTML via a crafted payload. According to the CVE metadata, the attack vector is network-bas...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /siteVar/save.do endpoint. An attacker can inject and execute arbitrary scripts by submitting crafted input to the Remark or Variable Value parameters. Details: Cross-site scripting (or XSS) is a code...
Cross-site Scripting (XSS)
Overview: trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the user's session,...
Malicious code in telegreph (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cca72e5a6a205d657e13d29aee3f5448061afd17f222f11db168ef8a20744992 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in aiogrem (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2429ae6fbbf21c43b0bb5cc9a1ed320a2b7df0433adac380ec5902508727bc98 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
CVE-2022-50802
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...
PT-2025-54249
Name of the Vulnerable Software and Affected Versions: ETAP Safety Manager version 1.0.0.32. Description: ETAP Safety Manager version 1.0.0.32 contains a cross-site scripting issue in the action GET parameter. This allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers c...
PT-2025-54174
Name of the Vulnerable Software and Affected Versions: sunhailin12315 product-review 商品评价系统 versions up to 91ead6890b4065bb45b7602d0d73348e75cb4639. Description: A security flaw exists in the sunhailin12315 product-review 商品评价系统. The issue is related to cross site scripting, which can be triggered b...