15157 matches found
CVE-2026-29905
Kirby CMS up to version 5.1.4 is affected. An authenticated user with Editor permissions can trigger a persistent Denial of Service by uploading a malformed image. The issue stems from inadequate validation of the return value of PHP getimagesize() during processing for metadata or thumbnail gene...
PT-2026-28193
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybe_unserialize function without class restrictions on...
PT-2026-28195
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post title in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
PT-2026-28321
Name of the Vulnerable Software and Affected Versions: Grafana OSS (affected versions not specified). Description: An authorization bypass exists in the provisioning contact points API. This allows users with the Editor role to modify protected webhook URLs without the necessary...
CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...
CVE-2026-33933
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...
CVE-2026-33933
OpenEMR CVE-2026-33933 affects versions 7.0.2.1 through 8.0.0.2 (up to but not including 8.0.0.3). A reflected XSS in the custom template editor arises from an unescaped contextName parameter, allowing an attacker to execute arbitrary JavaScript in an authenticated staff member’s browser session ...
EUVD-2026-16040
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...
CVE-2026-30587
A flaw was found in Seafile Server and its Seadoc editor. This Stored Cross-Site Scripting (XSS) vulnerability allows authenticated remote attackers to inject malicious JavaScript code. The application fails to properly sanitize WebSocket messages during document structure updates. By exploiting...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the handling of WebSocket messages for document structure updates in the Seadoc editor. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious payloads...
@seafile/seafile-sdoc-editor (>=3.0.0 <=3.0.162) potentially affected by CVE-2026-30587 via @seafile/sdoc-editor (=3.0.162)
@seafile/sdoc-editor NPM version =3.0.162 is affected by a known vulnerability. The following packages have a transitive dependency on @seafile/sdoc-editor and may be impacted: - @seafile/seafile-sdoc-editor =3.0.0, =3.0.162 Source cves: CVE-2026-30587 Source advisory:...
EUVD-2026-15940
Multiple Stored XSS vulnerabilities exist in Seafile Server versions 13.0.15, 13.0.16-pro, 12.0.14 and prior, and are fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc sdoc editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows...
@seafile/seafile-sdoc-editor (>=3.0.0 <=3.0.162) potentially affected by CVE-2026-30587 via @seafile/sdoc-editor (=3.0.162)
@seafile/sdoc-editor NPM version =3.0.162 is affected by a known vulnerability. The following packages have a transitive dependency on @seafile/sdoc-editor and may be impacted: - @seafile/seafile-sdoc-editor =3.0.0, =3.0.162 Source cves: CVE-2026-30587 Source advisory: OSV:GHSA-RQJ3-X344-QVXC...
GHSA-RQJ3-X344-QVXC Seafile Server has multiple stored XSS vulnerabilities
Multiple Stored XSS vulnerabilities exist in Seafile Server versions 13.0.15, 13.0.16-pro, 12.0.14 and prior, and are fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc sdoc editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows...
Seafile Server has multiple stored XSS vulnerabilities
Multiple Stored XSS vulnerabilities exist in Seafile Server versions 13.0.15, 13.0.16-pro, 12.0.14 and prior, and are fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc sdoc editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows...
@seafile/sdoc-editor (=0.2.13), @seafile/seafile-sdoc-editor (>=2.0.43-test-0.0.4 <=2.0.45-test-0.0.4) +1 more potentially affected by CVE-2026-30587 via @seafile/sdoc-editor (>=0.2.12 <=2.0.128-test-0.0.2)
@seafile/sdoc-editor NPM version =0.2.12, =2.0.43-test-0.0.4, =6.0.19, =6.0.33 Source cves: CVE-2026-30587 Source advisory: OSV:GHSA-RQJ3-X344-QVXC...
CVE-2026-30587
Multiple Stored XSS vulnerabilities exist in Seafile Server versions 13.0.15, 13.0.16-pro, 12.0.14 and prior, and are fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc sdoc editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows...
Craft CMS 5.9.x < 5.9.11 Stored XSS (GHSA-3x4w-mxpf-fhqq)
The version of Craft CMS installed on the remote host is 5.9.x prior to 5.9.11. It is, therefore, affected by a cross-site scripting vulnerability: - The revision/draft context menu in the element editor renders the creator's fullName as raw HTML due to the use of Template::raw combined with...