266 matches found
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2026-19445)
Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious JavaScript in the context of the victim's browser by manipulating the DO...
PT-2026-28298
Name of the Vulnerable Software and Affected Versions: HCL Aftermarket DPC (affected versions not specified). Description: HCL Aftermarket DPC is susceptible to a Cross Domain Script Include issue. An attacker can use external scripts to manipulate the Document Object Model (DOM), potentially changing t...
OpenProject Cross-Site Scripting Vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper Markdown rendering validation in OpenProject, especially in the handling of hyperlinks. It could allow...
CVE-2026-31822
Sylius (PHP/Symfony eCommerce framework) has an XSS vulnerability in the shop checkout login form handled by ApiLoginController. When a login fails, AuthenticationFailureHandler returns a JSON message that is rendered into the DOM via innerHTML, allowing injected HTML/JS in the message to execute...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there was a security...
CVE-2026-25230 FileRise affected by HTML Injection using color property in file tags
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...
davids-xss-lab
XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...
davids-xss-attack-defense
XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...
CVE-2025-10878
A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full...
CVE-2025-10878
The CVE-2025-10878 entry describes a SQL injection in the login for Fikir Odalari AdminPando 1.0.1 (pre-2026-01-26) that allows unauthenticated bypass of authentication and full admin access, including HTML/DOM content manipulation. Connected advisories confirm the issue affects AdminPando prior ...
MiracleLinux 9 : tbb-2020.3-8.el9_5.1 (AXSA:2025-9628:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9628:01 advisory. jquery: Untrusted code execution via `<option>` tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...
MiracleLinux 9 : doxygen-1.9.1-12.el9_5 (AXSA:2025-9657:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9657:01 advisory. jquery: Untrusted code execution via `<option>` tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...
MiracleLinux 9 : gcc-11.5.0-5.el9_5.ML.1 (AXSA:2025-9691:09)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9691:09 advisory. jquery: Untrusted code execution via `<option>` tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...
MiracleLinux 7 : gcc-4.8.5-44.0.1.el7.AXS7 (AXSA:2025-9920:15)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9920:15 advisory. CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code. CVEs: CVE-2020-11023. In jQuery versions great...
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Impact: Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some DOM modifications for the link button next to the field, e.g. the link address can be overridden. CSS can be manipulated to give the button an arbitrary look and change its size so that any...
CVE-2025-13537
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...
CVE-2025-13537 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...
PT-2025-51860
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...
EUVD-2013-6262
Malware in sbrugna...