CVE-2026-53427
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...
CVE-2026-54889
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
CVE-2026-57958
Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...
CVE-2026-57948
Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...
CVE-2026-57958
Summary: Mixpost
EUVD-2026-40143
Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...
CVE-2026-57948
Pinpoint (through version 3.1.0) has an insecure session management vulnerability where the pinpointJwt cookie lacks HttpOnly and Secure attributes. This allows JavaScript access via document.cookie and cleartext transmission over HTTP, enabling potential exfiltration of the session token via sto...
EUVD-2026-40165
Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...
CVE-2026-57336
Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...
CVE-2026-57337
Unauthenticated Cross Site Scripting XSS in Landing Page Builder = 1.5.3.5 versions...
CVE-2026-57338
Unauthenticated Cross Site Scripting XSS in ARForms <= 7.1.2 versions...
CVE-2026-57330
Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...
CVE-2026-57333
Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...
CVE-2026-57329
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
CVE-2026-57326
Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57320
Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...
CVE-2026-13567
A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...
CVE-2026-13570
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...
CVE-2026-57338
CVE-2026-57338 concerns the WordPress ARForms plugin, specifically versions <= 7.1.2, which are affected by an unauthenticated cross-site scripting (XSS) vulnerability. Multiple connected sources consistently describe this as an XSS flaw in ARForms