Cross-site Scripting (XSS)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the editableTable.twig component when processing the Row Heading column type. An attacker can execute arbitrary JavaScript in the context of another user's sessio...

CVE-2026-27126

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

EUVD-2026-7406

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

CVE-2026-27126

CVE-2026-27126 : Connected docs reveal a concrete vulnerability in Craft CMS: a stored XSS in the editableTable.twig component when using the HTML column type. The flaw allows an attacker to inject arbitrary JavaScript via a table field with Column Type HTML, exploiting it in normal viewing and w...

CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

Cross-site Scripting (XSS)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the editableTable.twig component when the html column type is used. An attacker can execute arbitrary JavaScript in the context of another user's session by...

CVE-2021-24898

The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress Editable Table plugin <= 0.1.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Vaibhav Koli in WordPress Editable Table plugin versions = 0.1.4. Solution Deactivate and delete. This plugin has been closed as of October 25, 2021 and is not available for download. Reason: Security Issue...