Lucene search
K

191 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS0.00388EPSS
Exploits0References3
CVE
CVE
added 5 days ago10 views

CVE-2026-59833

SiYuan (open-source PIM) prior to 3.7.1 uses Lute with sanitization, but the per-attribute URL-scheme sanitizer fails to check form action and SVG xlink:href attributes. This allows stored XSS in document export-preview and Bazaar package README rendering paths, with potential to execute OS comma...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59833 SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS0.00388EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-688 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Impact Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21. References OWASP Page on Restricting Form Submissions For more information If you have...

7.4CVSS6.3AI score0.02638EPSS
Exploits1References7
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-34097

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.7 views

CVE-2026-34098

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 1:16 p.m.18 views

CVE-2017-20244

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

8.8CVSS0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.22 views

PT-2026-47767

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-4803

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2CVSS5.7AI score0.00359EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/28 4:43 p.m.14 views

Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. UrlAttributeSanitizer is the visitor responsible for validating URL-valued attributes and stripping dangerous schemes from them; it runs on every element regardless of configuration. Whether an attribute is kept is...

5.8AI score0.00082EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/05/28 4:43 p.m.25 views

GHSA-HHG7-C65M-H7FF Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. UrlAttributeSanitizer is the visitor responsible for validating URL-valued attributes and stripping dangerous schemes from them; it runs on every element regardless of configuration. Whether an attribute is kept is...

5.1CVSS5.8AI score0.00082EPSS
Exploits0References6
NVD
NVD
added 2026/05/21 6:16 p.m.14 views

CVE-2026-48227

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...

5.4CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.12 views

CVE-2026-48217

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

5.4CVSS0.00212EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 5:10 p.m.7 views

CVE-2026-48228 Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientw.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers ca...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.6 views

CVE-2026-48228

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientw.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers ca...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 5:10 p.m.13 views

EUVD-2026-31310

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientw.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers ca...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:10 p.m.11 views

EUVD-2026-31307

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42506

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticket id GET parameters directly into an HTML form action URL. Attackers...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.21 views

PT-2026-44727

Name of the Vulnerable Software and Affected Versions symfony/html-sanitizer versions prior to 6.4 Description The UrlAttributeSanitizer visitor fails to validate the schemes of several URL-valued attributes because they are missing from the getSupportedAttributes list. Specifically, the action...

5.1CVSS5.2AI score0.00082EPSS
Exploits0References14
Rows per page
Query Builder