6 matches found

AlpineLinux
added 2026/03/27 2:12 p.m., 6 views

CVE-2026-33758

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS 9.4, AI score 5.8, EPSS 0.00259
Exploits: 0

NVD
added 2025/09/05 8:15 p.m., 5 views

CVE-2025-10044

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

CVSS 4.3, EPSS 0.00291
Exploits: 0, References: 7

NVD
added 2024/08/26 8:15 p.m., 14 views

CVE-2024-44794

A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter...

CVSS 6.1, EPSS 0.00335
Exploits: 1, References: 3

CNNVD
added 2024/08/26 12:00 a.m., 1 views

PicUploader security vulnerability

PicUploader is a graphic bed tool written in PHP by Bruce's personal developer. It helps you quickly upload your images to a cloud image bed and automatically returns a Markdown-formatted link to the clipboard. PicUploader has a security vulnerability that stems from a cross-site scripting...

CVSS 8, AI score 6.3, EPSS 0.00466
Exploits: 1, References: 4

BDU FSTEC
added 2022/10/03 12:00 a.m., 5 views

The vulnerability of the ovirt-engine manager, a tool for managing virtual infrastructure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the ovirt-engine manager, a tool for managing virtual infrastructure, is related to the lack of protection for the web page structure during the processing of the error_description parameter. Exploiting this vulnerability allows an attacker operating remotely to perform...

CVSS 7.8, AI score 6.4, EPSS 0.00406
Exploits: 0, References: 3, Affected Software: 2

OSV
added 2022/05/24 4:55 p.m., 20 views

GHSA-GCV6-2V9C-RJ48 Cosenary Instagram-PHP-API contains reflected XSS vulnerability

cosenary Instagram-PHP-API aka Instagram PHP API V2, used in the UserPro plugin through 4.9.32 for WordPress, is vulnerable to cross-site scripting via the example/success.php error_description parameter. Vulnerable code (PHP): if (isset($_GET['error'])) echo 'An error occurred: ' . $_GET['error_description'];...

CVSS 6.1, AI score 5.9, EPSS 0.82962
Exploits: 6, References: 6