12 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the user name field. An attacker can execute arbitrary code in the context of any user who passively visits a comment page by injecting malicious scripts. Details: Cross-site scripting or XSS is a code...
CVE-2026-23891
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...
CVE-2026-23891
Summary (CVE-2026-23891, Decidim): A stored code execution vulnerability exists in the user name field for Decidim versions
Decidim has a cross-site scripting (XSS) in user name
Impact: A stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. Patches: N/A. Workarounds...
PT-2026-32446
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.30.5; Decidim versions 0.31.0.rc1 through 0.31.0. Description: A stored code execution issue in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively...
CVE-2025-60859
Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...
EUVD-2025-28128
Malicious code in bioql PyPI...
bismilhaber.com XSS vulnerability
Vulnerable URL: http://www.bismilhaber.com/xcommentpage.php?jsoncallback=prompt/OPENBUGBOUNTY/...
ilkehaber.com XSS vulnerability
Vulnerable URL: http://www.ilkehaber.com/xcommentpage.php?jsoncallback=prompt/OPENBUGBOUNTY/...
SQL Injection Vulnerability in hdwiki comment.php Page
Interactive Wiki open source system HDwiki is a Chinese wiki system with independent intellectual property rights. A SQL injection vulnerability exists in the hdwiki comment.php page. An attacker can exploit the vulnerability to directly manipulate the website database...
phpcms 2008 sp4 comment.php page SQL injection vulnerability analysis - vulnerability warning - the black bar safety net
phpcms 2008 sp4 comment.php page SQL injection vulnerability analysis. Published date: 2010-08-14. Publishing author: failure Aberdeen. Affected versions: phpcms 2008 sp4. Official address: www.phpcms.cn. Vulnerability description: The...
OZJournal v1.5 - XSS
OZJournal v1.5 Homepage: http://ozjournals.awardspace.com/index.php Affected files: search input box index.php viewing archives show comment page. XSS vulnerability via search input box: Data isn't properly sanitized before being displayed. For a PoC in the...