326 matches found
Notesnook 跨站脚本漏洞
Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook for Web/Desktop prior to 3.3.15, as well as versions for iOS/Android prior to 3.3.20, had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for...
WordPress plugin Elementor Website Builder 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
JeeSite 跨站脚本漏洞
JeeSite is a Java rapid development platform open-sourced by Zhuo Yuan thinkgem in Jinan, China. Version JeeSite 5.15.1 contains a cross-site scripting vulnerability. This vulnerability stems from a storage-type cross-site scripting present in the /msg/msgInner/save endpoint, which may allow...
FreeBSD : Mozilla -- Other issue in the Storage: IndexedDB component (1a442c0b-4307-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1a442c0b-4307-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2024220 reports: Other issue in the Storage: IndexedDB...
AnythingLLM 跨站脚本漏洞
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the markdown renderer in the chart component not encoding the alt text as HTML, which could lead to storage-ty...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.4 Vulnerability Details CVEID:CVE-2026-33173 DESCRIPTION: Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController...
Prometheus 安全漏洞
Prometheus is an open-source software developed in the Go language, used to create real-time metric databases built using the HTTP pull model. Versions 3.0 to 3.5.1 and 3.6.0 to 3.11.1 of Prometheus contain security vulnerabilities. These vulnerabilities stem from a storage-side cross-site...
EUVD-2026-22325
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...
CVE-2026-22574
CVE-2026-22574 affects Fortinet FortiSOAR PaaS (versions 7.6.0–7.6.4, 7.5.0–7.5.2, 7.4 all, 7.3 all) and FortiSOAR on‑premise (7.6.0–7.6.4, 7.5.0–7.5.2, 7.4 all, 7.3 all). The issue is a vulnerability where passwords are stored in a recoverable format, potentially allowing an authenticated remote...
WordPress plugin Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Webling 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
WordPress plugin OSM – OpenStreetMap 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Experto Dashboard for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 31.0.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean user-controlled input when users updated their profile names, which could lead to...
FeehiCMS 安全漏洞
FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-side cross-site scripting issue in the Content field used for creating/editing modules, which may...
WordPress plugin Xpro Addons — 140+ Widgets for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability occurred due to improper handling of user input when creating or editing blog articles, which could lead to storage-based...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of user input in the backend user management function, which could lead to storage-based...
WordPress plugin Kubio AI Page Builder 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...