19 matches found
SUSE CVE-2026-39881
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...
CVE-2026-39881
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...
ALPINE-CVE-2026-39881
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...
CVE-2026-39881 Vim Ex command injection in Vims NetBeans integration
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...
CVE-2026-39881
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...
Linux Distros Unpatched Vulnerability : CVE-2026-39881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans...
CVE-2025-53480 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages
The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders...
CVE-2025-53487 ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...
CVE-2025-53487 ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
Summary Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The innerHtml of the label div is set to the textContent of the label, essentially unsanitizing the system messages:...
CVE-2021-32607
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...
PT-2025-12262 · Vllm · Vllm
Name of the Vulnerable Software and Affected Versions: vllm-project vllm version 0.6.0 Description: The issue concerns a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality run server loop calls the function make handler coro, which directly uses...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
CVE-2024-6243
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disabled...
Cross site scripting
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
CVE-2023-43797 BigBlueButton Stored Cross-site Scripting vulnerability at Guest Lobby
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
PT-2023-28989 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.6.11 BigBlueButton versions prior to 2.7.0-beta.3 Description: The issue affects BigBlueButton, an open-source virtual classroom, where the Guest Lobby is vulnerable to cross-site scripting. This occurs when...
PT-2021-23483 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in the Mentor dashboard in the GrowthExperiments extension where certain MediaWiki messages were not properly sanitized. This allowed for the injection and execution of HT...
CVE-2020-14225
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack...