85 matches found
Ampps Advanced Guestbook Cross-Site Scripting Vulnerability
Ampps Advanced Guestbook is a web messaging system provided by the Indian company Ampps, which offers features for posting and managing guest messages. Version 2.4.4 of Ampps Advanced Guestbook contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site...
CVE-2026-25581
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...
CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...
CVE-2026-25581
SCEditor has a DOM XSS vulnerability pre-3.2.1 when configuration options passed to sceditor.create() (e.g., emoticons, charset) are not sanitised. An attacker who can control these options can inject malicious payloads, as demonstrated by the provided PoC where an onerror handler is injected via...
GHSA-25FQ-6QGG-QPJ8 SCEditor has DOM XSS via emoticon URL/HTML injection
If an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:sceditor is a lightweight WYSIWYG BBCode and XHTML editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the sceditor.create process. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious...
PT-2026-6797
Name of the Vulnerable Software and Affected Versions: SCEditor versions prior to 3.2.1. Description: SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. A lack of sanitisation of configuration options passed to the sceditor.create function allows an attacker who can control these options—suc...
PT-2026-6845
If an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...
EUVD-2014-7089
Malware in sbrugna...
EUVD-2002-2307
Malware in sbrugna...
CVE-2015-9549
A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCFEMOTICONCELL.tpl FIELDNAME field to data/emoticons.php...
CVE-2002-2329
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons...
Mattermost Resource Management Error Vulnerability (CNVD-2024-09865)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a resource management error vulnerability that stems from an inability to check for the presence of custom emoticons when sending it to a post or to limit the number of custom...
Mattermost Resource Management Error Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a resource management error vulnerability that stems from an inability to check for the presence of custom emoticons when sending it to a post or to limit the number of custom...
Rocket.Chat SQL Injection Vulnerability (CNVD-2023-43234)
Rocket.Chat is an open source team chat software. A NoSQL injection vulnerability exists in the Rocket.Chat listEmojiCustom method, which can be exploited by a remote attacker to submit a special request that allows custom emoticons to be uploaded to a Rocket.Chat instance, resulting in a delayed...
Rocket.Chat SQL Injection Vulnerability
Rocket.Chat is an open source team chat software. A NoSQL injection vulnerability exists in the Rocket.Chat listEmojiCustom method, which can be exploited by a remote attacker to submit a special request that allows custom emoticons to be uploaded to a Rocket.Chat instance, resulting in a delayed...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description: Attacker or malicious user is able to change emoticons activation status if a logged-in user visits the attacker's website. 🕵️‍♂️ Proof of Concept: 1. When you are logged in, open this POC.html in a browser. 2. You can check that emoticons are unintentionally deactivated. //POC.html history.pushState'', '',...