8 matches found
UBUNTU-CVE-2026-7186
Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...
CVE-2026-5160
Summary: CVE-2026-5160 affects the Go package github.com/yuin/goldmark/renderer/html prior to 1.7.17, where cross-site scripting (XSS) can occur due to the order of URL validation and entity resolution. The renderer checks destinations with IsDangerousURL before HTML entity decoding, allowing an ...
WEBIGniter 28.7.23 Cross Site Scripting
Title: WEBIGniter-28.7.23-XSS-Reflected Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the redirect request parameter is copied into the valu...
SPIP v4.1.10 - Spoofing Admin account Vulnerability
Exploit Title: spip v4.1.10 - Spoofing Admin account Author: nu11secur1ty Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/ Description: The malicious user can...
spip v4.1.10 - Spoofing Admin account
Exploit Title: spip v4.1.10 - Spoofing Admin account Author: nu11secur1ty Date: 06.29.2023 Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/ Description: The...
gitea -- Disallow dangerous URL schemes
The Gitea team reports: Disallow javascript, vbscript and data data uri images still work url schemes even if all other schemes are allowed...
Unfixed XSS vulnerability at forums.mirror.co.uk
Security researcher TreX, has submitted on 02/02/2008 a cross-site-scripting XSS vulnerability affecting forums.mirror.co.uk, which at the time of submission ranked 7506 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/03/2008. It is currentl...
simplicityRemote.txt
--------------Boundary-00=B6O8YHI1VA4000000000 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable 26/07/2005 16.09.18=0D =0D Simplicity OF Upload 1.3 possibly prior versons remote code execution =0D & cross site scripting=0D =0D software: =0D author site:...