3 matches found
CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...
CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
WordPress Activity Log Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers set up a personal blog site. activity Log plugin is used in one of the log plugin. A cross-site scripting vulnerability exists in WordPress...