4 matches found
malla: Stored XSS via Meshtastic node names in multiple frontend pages
Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...
CVE-2026-0913
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
SmarterMail Remote Code Execution Vulnerability
SmarterMail is the award-winning email, collaboration and group chat server that easily meets the needs of businesses of any size, from individual business owners to large corporations and enterprise organizations. With lower hardware requirements, superior stability and lower maintenance costs,...
Logic Flaw Vulnerability in Songcms Front-End Pages
SongCMS is a PHP MySQL, ASP Access/SQL Server based development, enterprise-oriented, multi-language support, free, open source CMS to help business users to quickly build and deploy enterprise-level portals. A logic vulnerability exists in the front-end page of SongCMS. An attacker can exploit...