10 matches found
PT-2026-54000
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A stored cross-site scripting issue exists where an authenticated attacker can execute arbitrary JavaScript in another user's browser. This occurs by injecting a crafted payload into...
TYPO3 CMS has Cross-Site Scripting in Indexed Search
Problem Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encodin...
CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...
CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...
PT-2026-26360
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, t...
CVE-2025-3650 jQuery Colorbox <= 4.6.3 - Contributor+ Stored XSS
The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators...
CVE-2025-3650 jQuery Colorbox <= 4.6.3 - Contributor+ Stored XSS
The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators...
PYSEC-2025-236
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
PYSEC-2025-236
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2021-24529
The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability...