1119115 matches found
CVE-2026-58077
CVE-2026-58077 affects the Joomla extension 4Analytics (weeblr.com) prior to version 5.0.2. It describes an unauthenticated stored XSS vulnerability, where a specially crafted unauthenticated request can lead to website takeover under certain conditions. The provided documents identify the vulner...
CVE-2026-57833
The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...
CVE-2026-47730
Twig: XSS in Twig\Profiler\Dumper\HtmlDumper allows attacker-controlled template/profile names to inject HTML in profiler output due to unescaped getTemplate()/getName() data. Affects Twig 3.0.0–3.26.0; fixed in 3.26.0 by escaping these values via htmlspecialchars(). No exploit details provided b...
EUVD-2026-44554
ColdFusion is affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user...
CVE-2026-49978
CVE-2026-49978 affects DOMPurify, where IN_PLACE sanitization before version 3.4.7 could skip shadow contents inside a .content, allowing attacker-controlled markup (e.g., event handlers, JavaScript URLs, scripts) to survive during cloning and insertion of sanitized templates. The issue is fixed ...
CVE-2026-49459
CVE-2026-49459 affects DOMPurify prior to 3.4.6, where IN_PLACE mode could retain event-handler attributes on an attacker‑controlled root DOM due to _isClobbered logic and incomplete removal paths. Affected component: DOMPurify.sanitize(root, { IN_PLACE: true }) with a clobbered root form. Conseq...
CVE-2026-47999
CVE-2026-47999 describes a stored Cross-Site Scripting (XSS) flaw in Adobe Commerce . A high-privilege attacker can inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading the page containing the affected field. The CVSS metri...
CVE-2026-47995
Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.
CVE-2026-48371
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability. The issue allows a low-privilege attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page containing the vulnerabl...
CVE-2026-47994
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-47994). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page contai...
CVE-2026-48263
CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...
CVE-2026-48260
Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48260). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser. Exploitation requires user interaction (victim visits a crafted page). CVSS v3.1: AV:N/AC:L/PR:L/UI:R...
CVE-2026-48355
Adobe Experience Manager is affected by a stored XSS vulnerability (CVE-2026-48355) that allows a low-privileged attacker to inject JavaScript into vulnerable form fields, with victim browsers executing the script when visiting the affected page. The CVSS v3.1 base score is 5.4 (Medium) with netw...
CVE-2026-48261
Adobe Experience Manager is affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to execute JavaScript in the victim’s browser, with user interaction required (victim visits a crafted page). The vulnerability is scope-changed; CVSS 3.1 base score 5.4 (MEDIUM) with NETWO...
CVE-2026-48253
CVE-2026-48253 affects Adobe Experience Manager and describes a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could cause malicious JavaScript to execute in the victim’s browser by manipulating the DOM; exploitation requires user interaction (the victim visits a crafted page). T...
CVE-2026-48255
CVE-2026-48255 affects Adobe Experience Manager with a DOM-based Cross-Site Scripting (XSS) vulnerability. The issue arises from manipulating the DOM to execute malicious JavaScript in the victim’s browser, requiring user interaction (victim visits a crafted webpage). CVSS 3.1 metrics indicate Ne...
CVE-2026-48257
CVE-2026-48257 : Adobe Experience Manager is affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to run malicious JavaScript in the victim’s browser, with exploitation requiring the user to visit a crafted webpage. The CVSS v3.1 base score is 5.4 (Medium) with network ...
CVE-2026-48254
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-48254.
CVE-2026-57101
Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-55126
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...