15 matches found
PT-2026-47194
Name of the Vulnerable Software and Affected Versions: Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0. Description: The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the StringPiece.fromJSON function. An attacker can execute arbitrary JavaScript in the context of the victim's browser by tricking a user into dragging and droppin...
EUVD-2026-8831
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
PT-2026-22119
Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions prior to 0.12.0-beta. Description: Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) issue exists in versions of the Audiobookshelf mobile application prior to version 0.12.0-beta...
CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...
CVE-2026-21618 Cross-site scripting (XSS) in OAuth Device Authorization screen
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files...
CVE-2025-32413
Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py...
GHSA-8QWH-RM6C-JV96 Oxidized Web vulnerable to Cross-site Scripting
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2019-14449
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product...
CVE-2019-7325
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration...
DEBIAN-CVE-2019-7325
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration...
Fedora 28 : webkit2gtk3 (2018-509fc4a5c8)
This update addresses the following vulnerability:
- CVE-2018-4345
This update brings the following changes:
- Many improvements and fixes for video playback with media source extensions (MSE), which improve the user experience across the board, and in particular for playback of WebM videos.
- Fi...
ZoneMinder 'web/views/file.php' local file inclusion vulnerability
ZoneMinder is an open source web application on a centralized server that, in versions 1.0-1.30.0, allows authenticated attackers to read the local file system (e.g., /etc/passwd)...
CVE-2016-1780
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site...
UBUNTU-CVE-2016-1780
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site...