1115892 matches found
CVE-2026-52846
Summary: CVE-2026-52846 affects Caddy's stripHTML template function, which cannot reliably strip certain malformed HTML (e.g., <img src=x onerror=alert()>). This can bypass tag-stripping and may enable client-side XSS when untrusted strings are rendered as HTML. The issue originates in func...
CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect
immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...
CVE-2026-44960
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...
CVE-2026-54011 Open WebUI: Stored XSS in Mermaid Markdown Preview
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...
CVE-2026-54013
CVE-2026-54013 describes a stored XSS in Open WebUI where the model profile image URL could be a data:image/svg+xml;base64 payload. The root cause is missing input validation on ModelMeta.profile_image_url and missing output protections in the model image endpoint (no MIME allowlist, no nosniff, ...
CVE-2026-54303
n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...
CVE-2026-44961
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing...
CVE-2026-44960
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...
CVE-2026-44956
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...
CVE-2026-44960
Vulnerability summary (CVE-2026-44960) : A stored XSS exists in Revive Adserver where malicious content placed in the username could be executed when an admin views audit log details, due to missing output sanitisation. The issue is triggered by usernames being displayed in the audit log details ...
CVE-2026-44961
The CVE-2026-44961 entry affects Revive Adserver’s XML‑RPC addUser API. The flaw is a validation bypass introduced in the fix for CVE-2025‑55129, enabling username-based impersonation or stored XSS unless proper validation is present. The available documents confirm that correct validation has no...
CVE-2026-44956
Revive Adserver (Revive Adserver) is affected by a stored XSS vector where an attacker’s Full Name, injected into system-generated emails stored in the userlog.details field, can execute JavaScript when an admin views the content via userlog-details.php. Root cause: missing output sanitisation in...
EUVD-2026-38508
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...
CVE-2026-54301
Summary: CVE-2026-54301 affects n8n prior to certain fixes. An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type, bypassing the central Content-Security-Policy sandbox header. This allowed a publ...
CVE-2026-54303
Summary of CVE-2026-54303 (n8n): An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or CSP headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Affected component: n8n trigger no...
CVE-2026-11772 Reflected XSS in DRIMO CMS
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
CVE-2026-11772
DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...
EUVD-2026-38450
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
CVE-2026-56263
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...
CVE-2026-4610
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...