81 matches found
From AI-Generated Content to Agentic Action: Security and Safety Threats in Generative AI
Generative AI systems are increasingly used not only to produce content but also to retrieve data, invoke tools, and execute actions. This work examines the security and safety implications of that shift across content-level, model-level, and agentic threats. We analyze how attacker access...
CVE-2026-38949
Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code...
PT-2026-35748
Name of the Vulnerable Software and Affected Versions: HTMLy version 3.1.1. Description: A Cross-Site Scripting (XSS) issue exists in the content creation functionality at the '/add/content?type=image' endpoint. The application fails to properly sanitize user input, which allows the injection of...
EUVD-2026-26069
Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code...
CVE-2026-38949
HTMLy 3.1.1 is affected by an XSS in the content creation flow at /add/content?type=image due to insufficient input sanitization. The CVE records an overall CVSSv3.1 base score of 8.9 (HIGH) with network attack vector, low attack complexity, user interaction required, and CHANGED scope; impacts t...
CVE-2025-69237
Raytha CMS is vulnerable to Stored XSS via the FieldValues0.Value parameter in the page creation functionality. An authenticated attacker with permissions to create content can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in versi...
CVE-2026-25759
Statamic is a Laravel- and Git-powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...
CVE-2026-25759
CVE-2026-25759 affects Statamic CMS (Laravel/Git-based). From version 6.0.0 up to, but not including, 6.2.3, there is a stored XSS in content titles. An authenticated user with content-creation permissions (and control-panel access) can inject JavaScript that executes for higher-privileged users,...
CVE-2026-25759 Statamic affected by privilege escalation via stored cross-site scripting
Statamic is a Laravel- and Git-powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via stored cross-site scripting. An attacker can execute arbitrary JavaScript in the context of higher-privileged users by injecting malicious scripts, potentially leading to unauthorized privilege escalation...
GHSA-FF9R-WW9C-43X8 Statamic CMS vulnerable to privilege escalation via stored cross-site scripting
Impact: A stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. The malicious user must have an account with control panel access and content creation permissions. This...
CVE-2024-39143
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside, which acts as a stored XSS payload...
CVE-2020-36923
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...
CVE-2020-36923
Affected product: Sony BRAVIA Digital Signage 1.7.8. Vulnerability: insecure direct object reference (IDOR) that bypasses authorization controls to access hidden system resources (e.g., '/#/content-creation') by manipulating client-side access restrictions. Root cause: insufficient authorization ...
CVE-2020-36923 Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...
WordPress RealPress plugin < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST vulnerability
Unauthenticated Content Creation/Email Sending via REST vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin RealPress versions 1.1.0...
CVE-2025-11191 RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST
The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site...