4 matches found

Cvelist
added yesterday, 33 views

CVE-2026-55660 TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

CVSS: 7.6
Exploits: 0, References: 2
Patchstack
added 2026/06/19 9:15 p.m., 6 views

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...

CVSS: 7.6, AI score: 5.8
Exploits: 0, References: 3, Affected Software: 1
SonarSource Blog
added 2021/08/31 12:0 a.m., 38 views

Ghost CMS 4.3.2 - Cross-Origin Admin Takeover

Ghost is one of the most popular Node.js-based Content Management Systems (CMS). According to the vendor, there are currently more than 2.5 million installs of it and the project has more than 38k stars on GitHub. During our research on open-source applications, we analyzed the code and found a...

CVSS: 4.3, AI score: 6.9, EPSS: 0.07935
Exploits: 1
The Hacker News
added 2019/10/17 5:48 p.m., 5 views

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login

After enabling 'Site Isolation' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional...

AI score: 5.6
Exploits: 0