
30 matches found

CNNVD
added 2026/05/08 12:00 a.m. · 5 views

Gitroom Postiz cross-site scripting vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.21.6 to 2.21.7 contained a cross-site scripting vulnerability. This vulnerability allowed any authenticated user to store arbitrary HTML in post content by manipulating saved...

9 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/04/04 5:00 p.m. · 0 views

CVE-2026-5468

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

5.4 CVSS · 4.4 AI score · 0.00028 EPSS
Exploits 0 · References 1
Github Security Blog
added 2026/04/03 3:30 p.m. · 1 views

Casdoor vulnerable to Stored XSS via Application formCss / formSideHtml

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

5.4 CVSS · 4.4 AI score · 0.00028 EPSS
Exploits 0 · References 5 · Affected Software 1
EUVD
added 2026/04/03 3:30 p.m. · 0 views

EUVD-2026-18655

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

5.1 CVSS · 4.4 AI score · 0.00028 EPSS
Exploits 0 · References 4
CVE
added 2026/04/03 1:30 p.m. · 6 views

CVE-2026-5468

CVE-2026-5468 affects Casdoor 2.356.0; the dangerouslySetInnerHTML handling in the code path for formCss/formCssMobile/formSideHtml is susceptible to cross-site scripting. The vulnerability can be triggered remotely and has a public exploit (PoC). AVAILABILITY and INTEGRITY impacts are noted as n...

5.4 CVSS · 4.4 AI score · 0.00028 EPSS
Exploits 0 · References 3 · Affected Software 1
ATTACKERKB
added 2026/04/03 1:30 p.m. · 2 views

CVE-2026-5468

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

5.1 CVSS · 4.4 AI score · 0.00028 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/04/03 1:30 p.m. · 1 views

CVE-2026-5468 Casdoor dangerouslySetInnerHTML cross site scripting

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

5.1 CVSS · 4.4 AI score · 0.00028 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/04/03 12:00 a.m. · 1 views

PT-2026-30043

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

5.1 CVSS · 4.4 AI score · 0.00028 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/03/27 12:00 a.m. · 1 views

PT-2026-28579

Name of the Vulnerable Software and Affected Versions: Notesnook versions prior to 3.3.11. Description: Notesnook is a note-taking app with a cross-site scripting issue present in the note history comparison viewer on Web/Desktop platforms. This issue can lead to remote code execution in the desktop...

8.6 CVSS · 6.4 AI score · 0.00027 EPSS
Exploits 1 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-2417

Malware in sbrugna...

6.1 CVSS · 6.2 AI score · 0.00405 EPSS
Exploits 1 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-4429

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00412 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-25632

Malicious code in bioql PyPI...

8.1 CVSS · 8.1 AI score · 0.00208 EPSS
Exploits 1 · References 2
CNNVD
added 2025/09/18 12:00 a.m. · 2 views

Lobe Chat cross-site scripting vulnerability

Lobe Chat is an open-source, high-performance chatbot framework from LobeHub. A cross-site scripting vulnerability exists in Lobe Chat versions prior to 1.129.4 that stems from the SVGRender component's use of dangerouslySetInnerHTML to process SVG content, which could lead to...

7.7 CVSS · 6.8 AI score · 0.00163 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/23 8:09 a.m. · 2 views

CVE-2024-27103

Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to...

6.1 CVSS · 6.1 AI score · 0.00494 EPSS
Exploits 0 · References 1
Huntr
added 2025/02/22 5:56 p.m. · 4 views

Unauthenticated Stored XSS via dangerouslySetInnerHTML

An UNAUTHENTICATED attacker can achieve stored cross-site scripting (XSS) by injecting malicious JavaScript via v1/runs/ingest if he adds an empty citations field to trigger a code path where dangerouslySetInnerHTML is used to render the attacker-controlled text. This vulnerability allows the...

9.1 CVSS · 5.3 AI score · 0.0056 EPSS
Exploits 1
Positive Technologies
added 2025/02/07 12:00 a.m. · 2 views

PT-2025-6012 · React +1

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.1.24. Description: This issue is caused by Joplin adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a...

7.8 CVSS · 7.7 AI score · 0.00593 EPSS
Exploits 1 · References 9
Veracode
added 2024/09/25 6:56 a.m. · 8 views

Cross-site Scripting (XSS)

aim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to its use of dangerouslySetInnerHTML in the textbox component of the web UI. An attacker can inject scripts which will be executed when a user accesses the text explorer feature...

5.4 CVSS · 6.2 AI score · 0.00134 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2024/09/14 11:15 p.m. · 13 views

CVE-2024-8863

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the...

5.4 CVSS · 0.00134 EPSS
Exploits 1 · References 4
Vulnrichment
added 2024/09/14 11:00 p.m. · 8 views

CVE-2024-8863 aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the...

5.3 CVSS · 6 AI score · 0.00134 EPSS
Exploits 1 · References 4
Cvelist
added 2024/09/14 11:00 p.m. · 14 views

CVE-2024-8863 aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the...

5.3 CVSS · 0.00134 EPSS
Exploits 1 · References 4