Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

125 matches found

Veracode
Veracodeadded 2026/04/18 5:27 a.m.3 views

October CMS Has Stored XSS In Backend Editor Markup Classes

A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...

5.4CVSS5.7AI score0.00012EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/16 7:22 p.m.1 views

CVE-2026-24906

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...

5.4CVSS5.9AI score0.00012EPSS
Exploits0References1
Snyk
Snykadded 2026/04/14 8:2 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of the Markup Classes fields within the backend editor settings. An attacker can execute arbitrary JavaScript code in the context of users who open a RichEditor by injecting malicious values th...

6.1CVSS5.8AI score0.00012EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/04/14 8:2 p.m.5 views

October CMS has Stored XSS in Backend Editor Markup Classes

A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...

5.4CVSS5.8AI score0.00012EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/14 5:23 p.m.2 views

CVE-2026-24906 October CMS has Stored XSS in its Backend Editor Markup Classes

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...

5.1CVSS5.9AI score0.00012EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/14 5:23 p.m.0 views

CVE-2026-24906

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...

5.1CVSS5.9AI score0.00012EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.1 views

PT-2026-32726

A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...

5.3CVSS5.8AI score0.00012EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/01/09 12:40 p.m.5 views

CVE-2023-43263

A Cross-site scripting XSS vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...

6.1CVSS6.5AI score0.00956EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 11:25 a.m.2 views

CVE-2021-28114

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS6AI score0.0057EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2021-2182

Malware in sbrugna...

6.1CVSS6.1AI score0.00358EPSS
Exploits1References8
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2021-2190

Malware in sbrugna...

6.1CVSS6.2AI score0.0031EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2021-1491

Malware in sbrugna...

5.4CVSS5.4AI score0.0057EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2020-0531

Malware in sbrugna...

5.4CVSS5.4AI score0.00309EPSS
Exploits1References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-46878

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00487EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-2529

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.02234EPSS
Exploits1References10
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-5026

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00359EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-1026

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.02161EPSS
Exploits3References10
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-47682

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00956EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2025/05/23 6:24 a.m.4 views

CVE-2024-51434

Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier...

6.1CVSS6.1AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 4:19 a.m.6 views

CVE-2023-42426

Cross-site scripting XSS vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...

6.1CVSS6.6AI score0.00487EPSS
Exploits1
Rows per page
Query Builder