Lucene search: 111 matches found

ATTACKERKB | added 2026/05/20 12:00 a.m.

CVE-2026-30691

Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

CVSS 6.1 | AI score 6.1 | EPSS 0.00014
Exploits 0 | References 3

Snyk | added 2026/05/11 3:56 p.m.

Cross-site Scripting (XSS)

Overview: next is a React framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the beforeInteractive process, when untrusted input is embedded without proper escaping. An attacker can execute arbitrary JavaScript in a user's browser by injecting malicious...

CVSS 6.1 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 2

CVE | added 2026/04/23 3:47 a.m.

CVE-2026-41230

CVE-2026-41230 affects Froxlor prior to 2.3.6 through DomainZones::add(), where arbitrary DNS record types and newline-containing content are not sanitized. This allows an authenticated user to inject DNS records and BIND directives (e.g., $INCLUDE, $ORIGIN, $GENERATE) into zone files by submitti...

CVSS 8.5 | AI score 5.8 | EPSS 0.00057
Exploits 1 | References 3 | Affected Software 1

ATTACKERKB | added 2026/04/23 3:47 a.m.

CVE-2026-41230

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g.,...
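
The two CVE-2026-41230 entries above describe the same pair of defects: no allow-list on the record type, and no check for line breaks in the content that is written into the zone file. The following is an added example, not Froxlor's DomainZones::add code; the field names (type, name, content, ttl), the allow-list and the sample payload are assumptions chosen to illustrate the check. It also shows, for contrast, what unchecked concatenation produces for a crafted record.

```javascript
// Added example, not Froxlor's code. Field names and the allow-list are assumptions.
const ALLOWED_TYPES = new Set(['A', 'AAAA', 'CNAME', 'MX', 'NS', 'TXT', 'SRV', 'CAA']);

// Any C0 control character (CR, LF, TAB, ...) or DEL inside a field can start a new
// zone-file line; that is the channel for smuggling a "$INCLUDE" or "$ORIGIN" directive.
const CONTROL = /[\x00-\x1f\x7f]/;

function formatContent(type, content) {
  if (type === 'TXT') {
    // Quote TXT data so that '"' and '\' cannot terminate the string early.
    return `"${content.replace(/(["\\])/g, '\\$1')}"`;
  }
  // The other allowed types carry hostnames, addresses, priorities or CAA tags only.
  return /^[A-Za-z0-9.:_" -]+$/.test(content) ? content : null;
}

function validateZoneRecord({ type, name, content, ttl = 3600 }) {
  const t = String(type).toUpperCase();
  if (!ALLOWED_TYPES.has(t)) return { ok: false, reason: `record type not allowed: ${type}` };
  if (CONTROL.test(name) || CONTROL.test(content)) return { ok: false, reason: 'control character in record' };
  if (!/^[A-Za-z0-9._@-]+$/.test(name)) return { ok: false, reason: 'bad owner name' };
  // Defence in depth: content must never begin with a BIND directive marker or a comment.
  if (/^\s*[$;]/.test(content)) return { ok: false, reason: 'directive or comment in content' };
  if (!Number.isInteger(ttl) || ttl < 0) return { ok: false, reason: 'bad ttl' };
  const data = formatContent(t, content);
  if (data === null) return { ok: false, reason: 'unexpected characters in content' };
  return { ok: true, line: `${name}\t${ttl}\tIN\t${t}\t${data}` };
}

// The pattern the advisory describes: type and content concatenated into the zone
// file with no checks at all.
function naiveZoneLine({ type, name, content, ttl = 3600 }) {
  return `${name}\t${ttl}\tIN\t${type}\t${content}`;
}

// Constructed payload: a bogus type plus a newline that smuggles a $INCLUDE directive
// (the include path is made up for the example).
const CRAFTED = {
  type: 'BOGUS',
  name: 'evil',
  content: '203.0.113.4\n$INCLUDE /tmp/constructed-example.zone',
};

console.log(naiveZoneLine(CRAFTED));        // two zone-file lines, the second a directive
console.log(validateZoneRecord(CRAFTED));   // { ok: false, reason: 'record type not allowed: BOGUS' }
```

The type check alone is not enough: an allowed type with a newline in its content still yields a second line, so the control-character check has to run on every field regardless of type.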

CVSS 8.5 | AI score 5.8 | EPSS 0.00057
Exploits 1 | References 4 | Affected Software 1

Github Security Blog | added 2026/04/08 7:15 p.m.

CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary: The Pages module does not apply the html_purify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo->content. An authenticated...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits 1 | References 4 | Affected Software 1

OSV | added 2026/04/08 7:15 p.m.

GHSA-FJPJ-6QCQ-6PW2 CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary: The Pages module does not apply the html_purify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo->content. An authenticated...

CVSS 5.5 | AI score 5.9 | EPSS 0.00014
Exploits 1 | References 4

Vulnrichment | added 2026/04/08 2:30 p.m.

CVE-2026-39392 CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html_purify validation rule to content fields during create and update operations, while the Blog...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits 1 | References 1

CVE | added 2026/04/08 2:30 p.m.

CVE-2026-39392

CI4MS is a CodeIgniter 4-based CMS skeleton. Prior to 0.31.4.0, the Pages module does not apply html_purify to content on create/update, so page content is stored unsanitized and rendered as raw HTML on the public frontend. An authenticated admin with page-editing privileges can inject arbitrary ...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits 1 | References 1 | Affected Software 1

Snyk | added 2026/04/01 10:07 p.m.

Cross-site Scripting (XSS)

Overview: ci4-cms-erp/ci4ms is installed via composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog post content handling process. An attacker can execute arbitrary JavaScript in the browsers of users who view the affected blog posts...

CVSS 9.1 | AI score 6 | EPSS 0.00018
Exploits 1 | References 2

OpenVAS | added 2026/04/01 12:00 a.m.

Ubuntu: Security Advisory (USN-8132-1)

The remote host is missing an update for the ...

CVSS 8.8 | AI score 6.8 | EPSS 0.38304
Exploits 6 | References 2

Positive Technologies | added 2026/03/27 12:00 a.m.

PT-2026-28740

The '/api/v1/files/images/<flow id>/<file name>' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users,...

CVSS 7 | AI score 5.9 | EPSS 0.00052
Exploits 0 | References 2

OSV | added 2026/03/26 6:31 p.m.

GHSA-3439-VQGJ-2GCF Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVSS 8 | AI score 5.9 | EPSS 0.0002
Exploits 0 | References 3

CVE | added 2026/03/26 4:16 p.m.

CVE-2026-3108

Mattermost: CVE-2026-3108 affects versions 11.2.x up to 11.2.2, 10.11.x up to 10.11.10, 11.4.x up to 11.4.0, and 11.3.x up to 11.3.1. The vulnerability arises from failure to sanitize user-controlled post content in mmctl commands terminal output, allowing crafted messages with ANSI/OSC escape se...
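
Both CVE-2026-3108 entries above turn on the same point: text a user typed into a post is later printed, unchanged, to an administrator's terminal, where CSI sequences can move the cursor or clear the screen and OSC sequences can plant hyperlinks (OSC 8) or write the clipboard (OSC 52). The following is an added example, not Mattermost's mmctl code; the detector reports which sequence classes a string contains, and the sanitizer makes every control character visible instead of letting the terminal interpret it. The sample post is constructed for the example.

```javascript
// Added example, not mmctl code. Sequence classes per ECMA-48 / xterm conventions.
// CSI:  ESC [ params(0x30-0x3F)* intermediates(0x20-0x2F)* final(0x40-0x7E)
//       e.g. "\x1b[2J" (clear screen), "\x1b[31m" (colour)
// OSC:  ESC ] ... terminated by BEL or ESC \
//       e.g. OSC 8 (hyperlink with arbitrary target), OSC 52 (write clipboard)
const CSI = /\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]/g;
const OSC = /\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)/g;

// Report what a string contains so the event can be logged or alerted on.
function detectTerminalEscapes(input) {
  const text = String(input);
  const csi = (text.match(CSI) || []).length;
  const osc = (text.match(OSC) || []).length;
  // Whatever ESC bytes remain belong to other sequences (ESC c reset, charset switches, ...).
  const otherEsc = (text.replace(OSC, '').replace(CSI, '').match(/\x1b/g) || []).length;
  return { csi, osc, otherEsc };
}

// Replace every C0 control except TAB and LF, plus DEL and the C1 range (which 8-bit
// terminals treat as CSI/OSC introducers), with a visible \xNN escape. With ESC gone no
// sequence can be interpreted, and the operator still sees what the message contained.
function sanitizeForTerminal(input) {
  return String(input).replace(/[\x00-\x08\x0b-\x1f\x7f-\x9f]/g,
    (c) => `\\x${c.charCodeAt(0).toString(16).padStart(2, '0')}`);
}

// Constructed post of the kind the advisory describes: clears the screen, plants an
// OSC 8 hyperlink labelled "docs" that points elsewhere, and writes the clipboard.
const CRAFTED_POST =
  'status ok\x1b[2J\x1b]8;;https://attacker.invalid\x07docs\x1b]8;;\x07 \x1b]52;c;Zm9v\x07';

console.log(detectTerminalEscapes(CRAFTED_POST)); // { csi: 1, osc: 3, otherEsc: 0 }
console.log(sanitizeForTerminal(CRAFTED_POST));   // escapes shown literally, nothing executed
```

Escaping rather than stripping is deliberate: a stripped OSC 8 sequence would silently turn "docs" into plain text, whereas the escaped form tells the administrator that the post carried a hidden link target.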

CVSS 8.8 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 1 | Affected Software 1

NCSC | added 2026/03/26 9:48 a.m.

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 18.8.7, 18.9.3, and 18.10.1. The vulnerabilities included denial-of-service scenarios that could be triggered by authenticated users via specific Webhook configurations and continuous integration inputs. In addition, there were issues with improper...

CVSS 8.8 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 1

Positive Technologies | added 2026/03/17 12:00 a.m.

PT-2026-25941

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0; Fortinet FortiOS (affected versions not specified). Description: CI4MS, a CodeIgniter 4-based CMS skeleton, is susceptible to stored cross-site scripting (XSS) due to improper sanitization of user-controlled input wh...

CVSS 9.1 | AI score 6.1 | EPSS 0.0005
Exploits 1 | References 7

Positive Technologies | added 2026/03/05 12:00 a.m.

PT-2026-23504

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.9.1. Description: MarkUs is a web application used for submitting and grading student assignments. Versions prior to 2.9.1 are susceptible to an issue where the application reads and renders the contents of...

CVSS 8 | AI score 6 | EPSS 0.00044
Exploits 0 | References 6

Github Security Blog | added 2026/03/04 9:45 p.m.

SiYuan: Unauthenticated Reflected XSS via SVG Injection in /api/icon/getDynamicIcon Endpoint

Summary: An unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint:
- GET /api/icon/getDynamicIcon
When type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoint is unauthenticated and returns image/svg+xml, a crafted URL ca...

CVSS 9.3 | AI score 6.1 | EPSS 0.00462
Exploits 1 | References 4 | Affected Software 1

Github Security Blog | added 2026/02/25 4:06 p.m.

TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

I. Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the file upload module of TypiCMS. The application allows users with file upload permissions to upload SVG files. While there is a MIME type validation, the content of the SVG file is not sanitized. An attacker can upload a...
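
The three SVG findings above (PT-2026-28740, the SiYuan /api/icon/getDynamicIcon endpoint and the TypiCMS upload) share two root causes: attacker text interpolated into generated SVG without escaping, and user-uploaded SVG served inline as image/svg+xml, where a <script> element or an on* attribute runs in the application's origin. The following is an added example, not code from any of those projects. The icon fields (label, color), the list of active-content patterns and the header set are assumptions; the pattern list is a coarse upload gate, and the response headers are the control that holds even when the gate misses something.

```javascript
// Added example, not code from SiYuan, TypiCMS or the product in PT-2026-28740.

// (1) Generated SVG: escape every attacker-controlled value before interpolating it.
function escapeXml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

function renderDynamicIcon({ label, color }) {
  // Attribute values with a known shape get a strict pattern; free text gets escapeXml.
  const safeColor = /^#[0-9a-fA-F]{6}$/.test(color) ? color : '#888888';
  return `<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">` +
    `<rect width="64" height="64" fill="${safeColor}"/>` +
    `<text x="8" y="40" font-size="20">${escapeXml(label)}</text></svg>`;
}

// (2) Uploaded SVG: reject files carrying script-bearing constructs. This is a coarse
// gate (assumed pattern list), not a parser-based sanitizer; it backs up the headers below.
const ACTIVE_CONTENT = [
  /<script\b/i,
  /<foreignObject\b/i,
  /\son[a-z]+\s*=/i,                                   // onload=, onclick=, ...
  /(?:href|xlink:href)\s*=\s*["']?\s*javascript:/i,    // <a href="javascript:...">
  /<!ENTITY\b/i,                                       // entity declarations
  /<(?:iframe|embed|object)\b/i,
];

function svgUploadFindings(svgText) {
  return ACTIVE_CONTENT.filter((re) => re.test(svgText)).map((re) => re.source);
}

// (3) Serving any user-supplied SVG: the sandbox CSP puts the response in an opaque
// origin, so even a script that slips through the gate cannot touch the app's cookies
// or DOM; nosniff stops the browser from reinterpreting the bytes. When the file is
// only ever displayed through <img> (which never executes scripts), force a download
// for direct navigation as well.
function headersForUntrustedSvg({ inline = false } = {}) {
  const h = {
    'Content-Type': 'image/svg+xml',
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'; style-src 'unsafe-inline'; sandbox",
  };
  if (!inline) h['Content-Disposition'] = 'attachment';
  return h;
}

// Constructed inputs for the example.
const HOSTILE_LABEL = '</text><script>alert(1)</script>';
const HOSTILE_UPLOAD =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><script>1</script></svg>';
const CLEAN_UPLOAD = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>';

console.log(renderDynamicIcon({ label: HOSTILE_LABEL, color: 'red' }));
console.log(svgUploadFindings(HOSTILE_UPLOAD));   // two patterns matched
console.log(svgUploadFindings(CLEAN_UPLOAD));     // []
console.log(headersForUntrustedSvg());
```

For a gallery or avatar use case the usual shape is: gate on upload, store the original, serve through headersForUntrustedSvg({ inline: true }) from a separate media hostname so the sandbox and the origin split both apply.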

CVSS 6.8 | AI score 6.3 | EPSS 0.00039
Exploits 2 | References 4 | Affected Software 1

NVD | added 2026/02/25 4:16 a.m.

CVE-2026-27627

Karakeep is a self-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...

CVSS 8.2 | EPSS 0.00056
Exploits 1 | References 3

Github Security Blog | added 2026/02/12 3:31 a.m.

next-mdx-remote affected by arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content...

CVSS 8.8 | AI score 6.5 | EPSS 0.00048
Exploits 0 | References 5 | Affected Software 1