3860 matches found
WeKan 安全漏洞
WeKan is a Kanban application from WeKan open source. WeKan suffers from a security vulnerability that can be exploited by an attacker to spoof the author of a recorded comment by providing another user's identifier...
CVE-2019-25301
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
CVE-2019-25301
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
CVE-2019-25301 thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
CVE-2019-25301
CVE-2019-25301 describes a persistent cross-site scripting vulnerability in Millhouse-Project 1.414. The issue occurs in the comment submission functionality, where malicious scripts can be injected through the content parameter handled by the file add_comment_sql.php , allowing arbitrary scripts...
EUVD-2019-19399
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
CVE-2026-25578
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...
PT-2026-6740
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add comment sql.php to execute...
Millhouse-Project 跨站脚本漏洞
Millhouse-Project is a blog page developed by Thérèse Scott Rossi as an individual project. Version 1.414 of Millhouse-Project has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting feature in the comment submission function, which may allow...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
AZL-78937 CVE-2025-61732 affecting package golang 1.25.7-1
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
AZL-76688 CVE-2025-61732 affecting package golang 1.26.0-1
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
DEBIAN-CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
AZL-76743 CVE-2025-61732 affecting package msft-golang 1.24.13-1
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732 Potential code smuggling via doc comments in cmd/cgo
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
CVE-2025-61732 involves a discrepancy in how Go and C/C++ comments are parsed, enabling code smuggling into the resulting cgo binary. Multiple connected sources confirm the issue affects Go/cgo workflows and documents the vulnerability with a CVSSv3.1 base score of 8.6 (HIGH) and local attack vec...
EUVD-2025-206866
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...