27 matches found
Remote Code Execution (RCE)
LiteLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...
WordPress plugin Sky Addons cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow tables
Summary An authenticated user who can create or edit ObjectAlias objects can store arbitrary HTML/JavaScript in an alias name. That payload is later rendered unescaped in DataFlow table views, causing a stored XSS when another user views the affected page. Details The issue is caused by unsafe HT...
GHSA-F5P7-2C9Q-8896 phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTER_SANITIZE_SPECIAL_CHARS which HTML-encodes input, then immediately call html_entity_decode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes, not tags. This allows , , , and tags to...
CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead
pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
Remote Code Execution (RCE)
Giskard is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe rendering of user-controlled input using Jinja2 Template without validation, which allows an attacker to execute arbitrary code through crafted rule definitions...
CVE-2026-33436
Stirling-PDF (a local web app for PDF operations) is vulnerable in versions prior to 2.0.0 where file upload endpoints render user-supplied filenames directly into HTML with unsafe methods (e.g., innerHTML) without sanitization. An attacker can supply a filename containing JavaScript, triggering ...
PT-2026-33300
Stored XSS via Unescaped License Attribution Fields Summary The AbstractLicenseModel.attribution link property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields license author, license title, license object url, license author url, license derivative...
PT-2026-30012
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Affected versions not specified. Description The application does not properly sanitize user-controlled input when updating profile names, allowing an attacker to inject a malicious JavaScript payload. Thi...
Budibase cross-site scripting vulnerability
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.32.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use o...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the backup filename field during backup upload and processing. An attacker can execute arbitrary JavaScript in the browsers of privileged user...
GHSA-R4V5-RWR2-Q7R4 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM Blind XSS via Logs Interface Rendering Administrative Context Execution - Stored Cross-Site Scripting Blind XSS via Unsafe Rendering of User-Controlled Logged Data Description The application renders user-controlled input unsafely within the logs interface. If an...
CVE-2026-33664
Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields (description, inputs.displayName, inputs.description) through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...
EUVD-2026-12085
JumpServer is an open source bastion host and an operation and maintenance security audit system. A Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
GHSA-VGVF-M4FW-938J Gogs: Stored XSS in branch and wiki views through author and committer names
Summary Stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. Details safe still turns off escaping: - internal/template/template.go - func safe(raw string) template.HTML { return template.HTML(raw) } Branch pages...
MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
Summary A Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from elements is rendered in HTML reports without...
PT-2026-4843
Name of the Vulnerable Software and Affected Versions MobSF versions prior to 4.4.5 Description MobSF, a mobile application security testing tool, contains a Stored Cross-site Scripting (XSS) vulnerability in its Android manifest analysis feature. This flaw allows an attacker to execute arbitrary...
CVE-2025-70458
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...
CVE-2026-23630
Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...