CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

EUVD-2026-34891

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

CVE-2026-46511 HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

CVE-2026-46392 HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVE-2026-46392

HAX CMS (PHP, pre-26.0.0) has a case-sensitivity mismatch in HTML upload handling. The saveFile endpoint validates extensions case-insensitively but the .htaccess rule enforcing Content-Disposition: attachment for HTML is case-sensitive. As a result, an uploaded HTML file with an uppercase extens...

CVE-2026-46392 HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVE-2026-11338

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

GHSA-HJ85-PH9Q-78JG NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...

GHSA-JF3G-4GWG-4H66 NocoDB: Stored Cross-Site Scripting via Row Comments

Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. Details The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered...

NocoDB: Stored Cross-Site Scripting via Row Comments

Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. Details The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered...

Exploit for CVE-2024-21182

CVE-2024-21182 - Oracle WebLogic Server Unauthenticated Stored...

CVE-2026-11338

SourceCodester Ship Ferry Ticket Reservation System 1.0 contains a cross-site scripting vulnerability in the /admin/?page=user/manage_user handler, triggered by manipulating the Username parameter. The issue is exploitable remotely and has had exploits publicly disclosed. Affected component: the ...

EUVD-2026-34856

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

CVE-2026-11338

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

CVE-2026-11338 SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

NocoDB: Reflected Cross-Site Scripting via Password Reset Token

Summary The password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string context and...

GHSA-6XCX-7QMG-VJFQ NocoDB: Reflected Cross-Site Scripting via Password Reset Token

Summary The password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string context and...

CVE-2026-11337 tittuvarghese CollegeManagementSystem fetch.php cross site scripting

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...