8202 matches found
EUVD-2025-206653
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-61657
CVE-2025-61657 is an XSS vulnerability in the Wikimedia Foundation Vector UI skin, specifically related to resources/skins.Vector.Js/stickyHeader.Js. Affected: Vector prior to 1.43.4 and 1.44.1. Root cause: improper neutralization of input during web page generation. Impact and exploitability are...
Wikimedia Vector 安全漏洞
Wikimedia Vector is a desktop interface interface of the Wikimedia Foundation. Versions of Wikimedia Vector prior to 1.43.4 and 1.44.1 contained security vulnerabilities, which were due to improper input handling and could lead to cross-site scripting attacks...
WordPress plugin Form Maker by 10Web 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-6503
SiYuan Has a Stored Cross-Site Scripting XSS Vulnerability via Unrestricted SVG File Upload in github.com/siyuan-note/siyuan/kernel...
CVE-2025-6596
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...
UBUNTU-CVE-2025-6596
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...
CVE-2025-6596
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...
CVE-2025-6596 Vector inserts portlet labels as HTML, allowing for stored XSS through system messages
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...
CVE-2025-6596
CVE-2025-6596 affects Wikimedia Foundation Vector (MediaWiki skin). The issue is an XSS vulnerability in Vector’s portlets.Js files (resources/skins.Vector.Js/portlets.Js and resources/skins.Vector.Legacy.Js/portlets.Js) that affects Vector versions 1.40.0 and later, up to but not including 1.42....
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
OSV-2026-176 Container-overflow in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479922666 Crash type: Container-overflow READ Crash state: std::1::vector, std:: void std::1::vector, fillcommonheader...
Wikimedia Vector 安全漏洞
Wikimedia Vector is a desktop interface interface of the Wikimedia Foundation. There is a security vulnerability in Wikimedia Vector, which stems from improper input during web page generation, potentially leading to cross-site scripting attacks. The following versions are affected: versions 1.40...
Fedora: Security Advisory (FEDORA-2026-b7ad50870e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-24889
soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...
Cross-site Scripting (XSS)
Overview FluentCMS.Web.Plugins.Admin is a plugin for an ASP.NET Core Blazor Content Management System CMS Affected versions of this package are vulnerable to Cross-site Scripting XSS in the File Management module. An admin user can upload malicious SVG files to execute scripts in the browser of...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...