14 matches found
CVE-2026-56383
Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...
CVE-2026-56383
CVE-2026-56383 : Craft CMS contains a stored XSS in the editableTable.twig component via the Row Heading column type. The vulnerability arises from unsanitized input in row heading default values, enabling an attacker with an administrator account (when allowAdminChanges is enabled) to inject arb...
EUVD-2026-38177
Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...
CVE-2026-56383 Craft CMS - Stored XSS in Table Field via Row Heading Column Type
Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...
CVE-2026-56383
Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...
Cross-site Scripting (XSS)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the editableTable.twig component when processing the Row Heading column type. An attacker can execute arbitrary JavaScript in the context of another user's sessio...
CVE-2026-27126
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...
CVE-2026-27126
Craft CMS has a stored XSS vulnerability in the editableTable.twig component when using the html column type. Affects versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22. The issue is due to inadequate sanitization of the html column input, enabling arbitrary JavaScript execution when...
CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...
CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...
EUVD-2026-7406
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...
Cross-site Scripting (XSS)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the editableTable.twig component when the html column type is used. An attacker can execute arbitrary JavaScript in the context of another user's session by...
CVE-2021-24898
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress Editable Table plugin <= 0.1.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Vaibhav Koli in WordPress Editable Table plugin versions = 0.1.4. Solution Deactivate and delete. This plugin has been closed as of October 25, 2021 and is not available for download. Reason: Security Issue...