90 matches found
EUVD-2026-16417
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
CVE-2026-33301
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...
Filament 安全漏洞
Filament is a set of open-source full-stack components developed by Filament, designed to accelerate Laravel development. Versions 4.0.0 to 4.8.4, as well as 5.0.0 to 5.3.4, have security vulnerabilities. These vulnerabilities stem from two Filament Table summarizers not being escaped HTML...
CVE-2026-33321
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...
CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...
CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...
PT-2026-25826
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below SiYuan versions prior to 3.6.1 Description SiYuan is a personal knowledge management system. The mobile file tree component MobileFiles.ts renders notebook names using innerHTML without proper HTML escaping when...
ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
Summary The ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects...
CVE-2026-32112 ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute...
CVE-2026-32112
ha-mcp (Home Assistant MCP Server) is affected prior to 7.0.0 by an XSS vulnerability in the OAuth consent form. The issue arises because the consent form renders user-controlled parameters using Python f-strings without HTML escaping, allowing an attacker who can reach the OAuth endpoint and ind...
CVE-2026-32112 ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute...
CVE-2026-30830
Summary of technical details (Defuddle CVE-2026-30830): The vulnerability arises in the findContentBySchemaText path of Defuddle (src/defuddle.ts) where image src and alt attributes are interpolated into HTML via a string template without escaping. If the image’s alt attribute contains a quotatio...
OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering
Summary The exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata fields. Impact Opening a crafted exported HTML session could execute attacker-controlled JavaScript in the viewer context. This can expose session...
EUVD-2026-9069
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages...
Cross-site Scripting (XSS)
Overview net.sourceforge.pmd:pmd-core is an extensible multilanguage static code analyzer. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the vbhtml or yahtml report formats, which include rule violation messages in HTML output, in renderFileViolations and...
CVE-2026-28338
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...
GHSA-M4G2-2Q66-VC9V Vikunja Vulnerable to XSS Via Task Preview
Summary The task preview component creates a unparented div. The div's innerHtml is set to the unescaped description of the task Details In the TaskGlanceTooltip.vue it temporarily creates a div and sets the innerHtml to the description here. Since there is no escaping on either the server or...
CVE-2025-66460 Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
CVE-2025-66460 Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
CVE-2025-64744
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...