Lucene search
K

5 matches found

OSV
OSV
added 2026/05/19 10:16 p.m.7 views

DEBIAN-CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6.1CVSS6AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:30 p.m.64 views

CVE-2026-5090

The CVE concerns Template::Plugin::HTML for Perl, affecting versions up to and including 3.102. The root cause is that html_filter fails to escape single quotes, allowing HTML attributes delimited by single quotes to be injected with limited HTML/JavaScript. For example, in , a value like var = "...

6.1CVSS6AI score0.00282EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-42022

Name of the Vulnerable Software and Affected Versions Template::Plugin::HTML versions prior to 3.103 Description Template::Plugin::HTML for Perl allows the injection of HTML and JavaScript. The html filter function fails to escape single quotes, which enables code injection within HTML attributes...

6.1CVSS6.1AI score0.00282EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2026/04/01 10:31 p.m.6 views

phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()

Summary The sanitization pipeline for FAQ content is: 1. Filter::filterVar$input, FILTERSANITIZESPECIALCHARS — encodes , ", ', & to HTML entities 2. htmlentitydecode$input, ENTQUOTES | ENTHTML5 — decodes entities back to characters 3. Filter::removeAttributes$input — removes dangerous HTML...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29670

Summary The sanitization pipeline for FAQ content is: 1. Filter::filterVar$input, FILTER SANITIZE SPECIAL CHARS — encodes , ", ', & to HTML entities 2. html entity decode$input, ENT QUOTES | ENT HTML5 — decodes entities back to characters 3. Filter::removeAttributes$input — removes dangerous HTML...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References5
Rows per page
Query Builder