48 matches found
BIT-DISCOURSE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs
Discourse is an open source discussion platform. Prior to versions 2026.3.0, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions 2026.3.0, 2026.2.1...
CVE-2026-27166
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2026-27166
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
EUVD-2026-13187
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2026-27166
CVE-2026-27166 (Discourse) : Vulnerability in the default Codepen iframe handling where insufficient cleanup allowed an attacker to cause a user to change the main page URL. Affected software: Discourse before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Root cause: improper filtering/clea...
CVE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2026-27166
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
PT-2026-26341
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open source discussion platform. Insufficient cleanup in the default Codepen allowed iframes...
EUVD-2025-17469
Malicious code in bioql PyPI...
EUVD-2024-44869
Malicious code in bioql PyPI...
EUVD-2025-18926
Malicious code in bioql PyPI...
EUVD-2024-36916
Malicious code in bioql PyPI...
WordPress CodePen Embed Block plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CodePen Embed Block plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
CVE-2025-50023
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS.This issue affects CodePen Embed Block: from n/a through = 1.2.0...
CVE-2025-50023
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS.This issue affects CodePen Embed Block: from n/a through = 1.2.0...
CVE-2025-50023
CVE-2025-50023 refers to a stored XSS vulnerability in the WordPress CodePen Embed Block (CodePen Embed Block) caused by improper neutralization of input during web page generation. Affected version range is up to 1.1.1 (per NVD/related records). Targeted component: CodePen Embed Block; vulnerabi...
CVE-2025-50023 WordPress CodePen Embed Block plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS.This issue affects CodePen Embed Block: from n/a through = 1.2.0...
CVE-2025-50023 WordPress CodePen Embed Block plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS.This issue affects CodePen Embed Block: from n/a through = 1.2.0...