10 matches found
EUVD-2026-25233
A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...
CVE-2026-40470
A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability
A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability
A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...
CVE-2026-40470
A critical XSS vulnerability (CVE-2026-40470) affected hackage-server and hackage.haskell.org. HTML/JavaScript from source packages or documentation uploads were served directly on the main domain, enabling an attacker with a malicious upload to hijack latent HTTP credentials and perform actions t...
CVE-2024-55239
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows an attacker to craft malicious URLs with arbitrary JavaScript in the 'titulodocumento' parameter...
CVE-2024-55239
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows an attacker to craft malicious URLs with arbitrary JavaScript in the 'titulodocumento' parameter...
CVE-2024-55239
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows an attacker to craft malicious URLs with arbitrary JavaScript in the 'titulodocumento' parameter...
PT-2024-36499 · Portabilis · Portabilis I-Educar
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9. Description: A reflected Cross-Site Scripting issue exists in the standard documentation upload functionality, allowing an attacker to craft malicious URLs with arbitrary JavaScript in the titulo documento...
CVE-2024-55239
Portabilis i-Educar 2.9 is affected by a reflected XSS in the standard documentation upload functionality, exploitable via the titulo_documento parameter to craft malicious URLs with arbitrary JavaScript. CVE-2024-55239 is rated CVSS v3.1 base 5.4 (Medium). Exploitation details are not described ...