10 matches found
EUVD-2024-16580
Malicious code in bioql PyPI...
CVE-2025-59948
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to ...
PT-2025-39918
Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.26.3 and below. Description: FreshRSS does not properly sanitize event handler attributes within feed content. This can lead to cross-site scripting (XSS) if a page renders feed entries without a Content Security Policy (CSP). Th...
FreshRSS Cross-Site Scripting Vulnerability
FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A cross-site scripting vulnerability exists in FreshRSS versions 1.26.3 and earlier, which stems from not sanitizing certain event handler attributes in the feed content and could lead to a cross-site scripting attack...
PT-2024-19709 · Open Xchange Gmbh · Ox App Suite
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue concerns RSS feeds that contain malicious data attributes, which could be used to inject script code into a user's browser...
CVE-2024-0792
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...
CVE-2024-0792 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...
WordPress Drip Feed Content Extended for Learndash Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Drip Feed Content Extended for Learndash; Type: Plugin; Vulnerable versions: = 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: cab77cdefc15; Credits: Rafie...
nagios: Command injection via curl in MagpieRSS
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system...