12 matches found
CVE-2026-22256
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder that includes a render of the current path, which is inserted into the HTML without proper sanitization. This leads to reflected XSS, using the fact that the request path is decoded...
CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing file or folder names. This may lead to XSS in cases where a website allows access to public files using this feature and anyone can uploa...
CVE-2026-22257
CVE-2026-22257 (Salvo) : The Rust web framework Salvo is vulnerable prior to 0.88.1 due to the list_html function in the serve-static directory not sanitizing file/folder names when generating a folder view. This can enable stored cross-site scripting (XSS) when a site serves public files and use...
CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder that includes a render of the current path, which is inserted into the HTML without proper sanitization. This leads to reflected XSS, using the fact that the request path is decoded...
CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder that includes a render of the current path, which is inserted into the HTML without proper sanitization. This leads to reflected XSS, using the fact that the request path is decoded...
CVE-2026-22256
CVE-2026-22256 (Salvo) : A reflected XSS vulnerability exists in Salvo before version 0.88.1, arising from the list_html function in the directory listing view. The code inserts the rendered current.path into an HTML title (and page content) without proper sanitization, while the request path is ...
CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder that includes a render of the current path, which is inserted into the HTML without proper sanitization. This leads to reflected XSS, using the fact that the request path is decoded...
PT-2026-2187
Name of the Vulnerable Software and Affected Versions: Salvo versions prior to 0.88.1. Description: Salvo is a Rust web backend framework. The list_html function generates a file view of a folder without sanitizing file or folder names. This can lead to Cross-Site Scripting (XSS) if a website allows...
PT-2026-2186
Name of the Vulnerable Software and Affected Versions: Salvo versions prior to 0.88.1. Description: Salvo is a Rust web backend framework. Prior to version 0.88.1, the list_html function generates a file view of a folder, including a render of the current path. This path is inserted into the HTML...
Debian debian-goodies injection vulnerability
Debian GNU/Linux is a Linux operating system from the Debian community in the United States. The system has faster and easier memory management, open source software support, good system security, and high stability. A security vulnerability exists in debian-goodies version 0.88.1, which...
PT-2023-1670
Name of the Vulnerable Software and Affected Versions: debian-goodies version 0.88.1. Description: The issue is related to the debmany function in the debian-goodies package, which allows attackers to execute arbitrary shell commands due to an eval call. This can be achieved via a crafted .deb file...
DEBIAN-CVE-2006-1630
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."...