45 matches found
DRUPAL-CONTRIB-2026-039
This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...
PT-2026-46079
This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...
LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039
This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...
PT-2026-46112
This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...
CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
EUVD-2026-32624
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
CVE-2026-28405
MarkUs (web-based submission and grading system) is affected by CVE-2026-28405 through the submissions/html_content route, where content from a student-submitted file is rendered without sanitization prior to version 2.9.1. The root cause is lack of input sanitization in how submitted files are r...
CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...
CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...
CVE-2023-43649
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...
EUVD-2023-2734
Malicious code in bioql PyPI...
EUVD-2025-27594
Malicious code in bioql PyPI...
CVE-2025-57520
A Cross Site Scripting XSS vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...
Decap CMS Cross Site Scripting (XSS) vulnerability
Decap CMS through 3.8.3 is vulnerable to stored Cross-Site Scripting XSS in the admin preview pane. User-controlled fields e.g., title, description, tags, and body are rendered in the preview without sufficient sanitization/escaping. An attacker with low-privilege author/contributor access can...
Cross-site Scripting (XSS)
Overview decap-cms is an An extensible, open source, Git-based, React CMS for static sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of input fields such as body, tags, title, and description in the content preview pane. An attacker...
CVE-2025-57520
A Cross Site Scripting XSS vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...
CVE-2025-57520
A Cross Site Scripting XSS vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...
Exploit for CVE-2025-57520
PoC exploit for CVE-2025-57520, a stored cross-site scripting X...
PT-2025-37081
Name of the Vulnerable Software and Affected Versions: Decap CMS versions through 3.8.3 Description: A Cross Site Scripting XSS vulnerability exists in Decap CMS. Input fields, including body, tags, title, and description, are not properly sanitized before being rendered in the content preview...
CVE-2025-57520
A Cross Site Scripting XSS vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...