4 matches found

OSV
added 2026/02/19 7:38 p.m., 5 views

CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export

Fabric.js is a JavaScript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export (src/shapes/Text/TextSVGExportMixin.ts:186) but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

CVSS: 7.6 | AI score: 5.9 | EPSS: 0.00281
Exploits: 1 | References: 5
SUSE CVE
added 2023/02/15 4:19 a.m., 5 views

SUSE CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user-provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVSS: 6.3 | AI score: 7 | EPSS: 0.45571
Exploits: 3 | References: 11
CNNVD
added 2022/12/06 12:00 a.m., 2 views

Querybook Cross-Site Scripting Vulnerability

Querybook is an open source big data query UI for Pinterest. Querybook suffers from a cross-site scripting vulnerability that stems from not escaping fields in user-supplied data. An attacker exploits this vulnerability to execute a cross-site scripting exploit...

CVSS: 6.3 | AI score: 6 | EPSS: 0.00415
Exploits: 0 | References: 3
CNNVD
added 2022/03/03 12:00 a.m., 4 views

PeTeReport Cross-Site Scripting Vulnerability

PeTeReport is an open source application vulnerability reporting tool. Designed to assist penetration testing/red team efforts by simplifying the task of report writing and generation, PeTeReport version 0.5 contains a cross-site scripting vulnerability that stems from the software's lack of...

CVSS: 4.8 | AI score: 5.3 | EPSS: 0.00548
Exploits: 1 | References: 4