
13 matches found

Vulnrichment
added 3 days ago, 4 views

CVE-2026-54412

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8 CVSS | 5.5 AI score | 0.00407 EPSS
Exploits: 0 | References: 4
Veracode
added 2026/02/20 9:21 a.m., 4 views

Cross Site Scripting (XSS)

Agora is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling of the topicName parameter in client/agora/public/js/editorManager.js, which allows an attacker to inject malicious scripts that execute in a user’s browser...

6.4 CVSS | 6 AI score | 0.00218 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/08/09 12:23 a.m., 3 views

CVE-2025-55133

In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js...

6.4 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/08/07 12:0 a.m., 2 views

agora cross-site scripting vulnerability

agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A cross-site scripting vulnerability exists in versions prior to agora fall23-Alpha1 b087490, which stems from the topicName parameter in editorManager.js being susceptible to cross-site scripting attacks...

6.4 CVSS | 6 AI score | 0.00218 EPSS
Exploits: 0 | References: 2
CNNVD
added 2023/01/01 12:0 a.m., 3 views

ntpd_driver code injection vulnerability

ntpd_driver is a library by individual developer Vladimir Ermakov that converts ROS TimeReference messages to ntpd shm format. A security vulnerability exists in ntpd_driver versions prior to 1.3.0 and 2.x versions prior to 2.2.0, which stems from the fact that the topic name depends on the time_ref_topic...

9.8 CVSS | 8.4 AI score | 0.01085 EPSS
Exploits: 1 | References: 4
CNNVD
added 2022/10/13 12:0 a.m., 2 views

Liferay DXP cross-site scripting vulnerability

Liferay DXP is a digital experience collaboration platform from Liferay, Inc. A security vulnerability exists in Liferay DXP version 7.3.10 SP3, Liferay Portal versions 7.3.0 through 7.4.0, which originates from a vulnerability that could allow a remote attacker to inject arbitrary JS script or...

5.4 CVSS | 5.9 AI score | 0.00702 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2020/12/08 8:55 a.m., 3 views

activemq: remote XSS in web console diagram plugin

A flaw was found in activemq. A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info...

6.1 CVSS | 5.8 AI score | 0.04312 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2020/07/20 12:0 a.m., 7 views

PT-2020-13788

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions 2.5.0 through 2.13.0. Description: A specially crafted MQTT packet with an XSS payload as client-id or topic name can exploit this issue. The XSS payload is injected into the admin console's browser and is...

6.1 CVSS | 6.6 AI score | 0.04312 EPSS
Exploits: 0 | References: 11
OSV
added 2019/09/19 2:15 p.m., 1 views

ALPINE-CVE-2019-11779

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...

6.5 CVSS | 7.2 AI score | 0.02742 EPSS
Exploits: 0 | References: 1
NVD
added 2019/08/18 4:15 p.m., 12 views

CVE-2019-15137

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service (DDS) network...

7.5 CVSS | 7.4 AI score | 0.0131 EPSS
Exploits: 0 | References: 2
Prion
added 2006/02/10 11:2 a.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference...

4.3 CVSS | 5.6 AI score | 0.01342 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2006/01/09 11:3 a.m., 17 views

CVE-2006-0124

Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field...

4.3 CVSS | 5.7 AI score | 0.01396 EPSS
Exploits: 1 | References: 7
Cvelist
added 2006/01/09 11:0 a.m., 22 views

CVE-2006-0124

Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field...

5.7 AI score | 0.01396 EPSS
Exploits: 1 | References: 7