GHSA-6WXC-8MGQ-W26M Weblate: Stored HTML injection in editor search preview

Impact Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. Patches...

Cross-site Scripting (XSS)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Cross-site Scripting XSS in the search preview process. An attacker can execute arbitrary HTML or CSS in the authenticated editor interface ...

HumHub 跨站脚本漏洞

HumHub is the HumHub open source suite of open source social networking software written on the Yii PHP framework. A cross-site scripting vulnerability exists in HumHub versions prior to 1.17.4, which stems from a cross-site scripting vulnerability in the Meta-Search functionality that could caus...

cmsms102-xss.txt

/|| \ | || \ / ||\ / || |\| || / || \ \ || | \ || |/| || / ||| ||| |||/ http://www.nanoy.org Hacker.: NanoyMaster CMS....: CMS Made Simple Version: 1.0.2 --------exploits---------- 1 Search XSS non-permanent 2 preview XSS non-permanent 3 Admin login XSS non-permanent 4 Outro...