18 matches found
CVE-2026-32124
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...
CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...
CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...
CVE-2026-32124
OpenEMR’s dynamic code picker (AJAX) endpoint returns code_text without HTML escaping prior to version 8.0.0.1, allowing stored XSS via a malicious description entered by an admin or a user with code management rights. The vulnerability affects the rendering in front-end components (e.g., DataTab...
OpenEMR 跨站脚本漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...
SUSE CVE-2026-25935
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...
EUVD-2026-9110
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...
CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...
CVE-2026-28561
CVE-2026-28561 affects wpForo Forum 2.4.14 and is a stored cross-site scripting vulnerability. The issue arises from forum description fields being echoed without output escaping across multiple theme template files, allowing an attacker with-admin access or in multisite contexts to set a descrip...
CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...
PT-2024-32814 · Unknown · Wikidiscover
Name of the Vulnerable Software and Affected Versions: WikiDiscover affected versions not specified Description: The issue concerns WikiDiscover, an extension for displaying wikis on a CreateWiki managed farm. A special page, Special:WikiDiscover, lists all wikis but fails to escape wiki names an...
CVE-2022-34778
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs or contro...
CVE-2022-34778
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs or contro...
PT-2022-22329 · Jenkins · Jenkins Testng Results Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins TestNG Results Plugin versions 554.va4a552116332 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability. It occurs when the Jenkins TestNG Results Plugin renders unescaped test descriptions and...
credentials: Stored XSS vulnerabilities in jenkins plugin
A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
credentials: Stored XSS vulnerabilities in jenkins plugin
A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
PT-2022-20422 · Jenkins · Jenkins Random String Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Random String Parameter Plugin versions 1.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the name and description of Random String parameters are not escaped on vie...
PT-2021-14665 · Jenkins · Jenkins Artifact Repository Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Artifact Repository Parameter Plugin versions 1.0.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because parameter names and descriptions are not escaped. This vulnerability is...