CVE-2026-47387

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

CVE-2026-47383

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...

GHSA-HJ85-PH9Q-78JG NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...

PT-2026-47085

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The shared form-view submit handler in packages/nc-gui/composables/useSharedFormViewStore.ts fails to validate the URL scheme when writing the redirect url to window.location.href. While a same-ho...

EUVD-2022-55979

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting (XSS) vulnerability in grunion-form-view.php via the post_id parameter. Unauthenticated attackers can craft URLs with script payloads in post_id to execute arbitrary JavaScript in victims’ browsers. A public exploit exists per...

CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

WordPress plugin Jetpack 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-39483

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post id paramete...

EUVD-2025-37000

A SQL injection vulnerability exists in CSZ-CMS =1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries...

CSZ-CMS 安全漏洞

CSZ-CMS is a PHP-based open source content management system CMS from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions, which stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...

Path Traversal in django-s3file

Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...

GHSA-4W8F-HJM9-XWGF Path Traversal in django-s3file

Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...

Foxit Reader and Foxit PhantomPDF for Windows Resource Management Error Vulnerability (CNVD-2019-13814)

Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. A resource management error vulnerability exists in the XFA CXFAFFDocView object in Foxit Reader 9.4.1.16828 and earlier versions, Foxit PhantomPDF 8.3.9.41099 and earlier versions, and Foxit PhantomPDF...

PT-2019-18321 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.4.0.16811 Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The...