2 matches found
CVE-2026-6740
CVE-2026-6740 affects the Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress. The vulnerability is a Stored XSS via the ‘commentIcon’ block attribute, caused by insufficient input sanitization and output escaping. It affects all versions up to and including 4...
CVE-2026-6493
A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...