3656 matches found
PT-2026-21571
Name of the Vulnerable Software and Affected Versions xingfuggz BaykeShop versions up to 1.3.20 Description A security issue exists in xingfuggz BaykeShop, specifically within the Article Sidebar Module. Manipulation of the sidebar.content argument in the file...
CVE-2026-2946 rymcu forest Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting
A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting...
CVE-2026-2946
A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting...
CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2735
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825
CVE-2026-2825 affects WeRSS we-mp-rss up to 1.4.8, specifically the Article Module’s tools/fix.py fix_html function. The vulnerability enables cross-site scripting (XSS) via manipulated input, with remote initiation possible. The exploit has been disclosed publicly. The provided documents do not ...
WeRSS 代码注入漏洞
WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier had a code injection vulnerability. This vulnerability originated from a cross-site scripting issue in the fixhtml function within the Article Module component’s files in tools/fix.py...
PT-2026-21001
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)
Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)
Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
UBUNTU-CVE-2025-71242
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...
CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2622
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...
Alkacon OpenCMS 跨站脚本漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Version 18.0 of Alkacon OpenCMS contains a cross-site scripting vulnerability. This vulnerability arises from improper input validation of the text parameter when sending a POST request to...