CVE-2026-3218

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting XSS.This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...

EUVD-2026-15479

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting XSS.This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...

CVE-2026-3218

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting XSS.This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...

CVE-2026-3218 Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting XSS.This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...

CVE-2026-3218

CVE-2026-3218: Drupal Responsive Favicons contains an XSS due to improper filtering of administrator-entered text. Affects versions prior to 2.0.2. Exploitation requires the attacker to have the permission administering responsive favicons. Remediation: update to 2.0.2 or later (as noted in the l...

CVE-2026-3218 Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting XSS.This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...

Drupal Responsive Favicons 安全漏洞

Drupal Responsive Favicons is an extension for the Drupal content management system that is designed to generate and adapt favicon icons for multiple devices and browsers. Versions of Drupal Responsive Favicons prior to 2.0.2 contained a security vulnerability caused by improper input handling,...

DRUPAL-CONTRIB-2026-019

This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

PT-2026-22090

Name of the Vulnerable Software and Affected Versions Drupal Responsive Favicons versions prior to 2.0.2 Description A flaw exists in the Drupal Responsive Favicons module where administrator-entered text is not properly filtered, leading to a Cross-Site Scripting XSS issue. An attacker must...

CVE-2025-66939

Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...

EUVD-2025-16906

Malicious code in bioql PyPI...

CVE-2025-31136

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting XSS issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing...

CVE-2025-31136

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting XSS issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...

CVE-2025-31136

FreshRSS before 1.26.2 is vulnerable to a cross-site scripting (XSS) issue in f.php triggered by SVG favicons downloaded from attacker-controlled feeds. The XSS occurs when the favicon contains unsanitized [removed] tags and the page lacks a Content Security Policy; an attacker can embed a malici...

Malicious code in test-vite-favicons-inject (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d3449494a57328246d3ca9d479084793084fb98a35c45e40ed4a82320f60a5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-23508

Cross-Site Request Forgery CSRF vulnerability in OrigoThemes Extra Options – Favicons extra-options-favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through = 1.1.0...

CVE-2025-23508 WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in EdesaC Extra Options – Favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through 1.1.0...

CVE-2025-23508 WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in OrigoThemes Extra Options – Favicons extra-options-favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through = 1.1.0...

WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Extra Options – Favicons versions = 1.1.0...

WordPress plugin Extra Options – Favicons 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...