Mailcow < 2026-03b - Href Link Injection

mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...

CVE-2026-44429

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...

PT-2026-46865

Unauthenticated Reflected XSS via $ GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...

PT-2026-39263

Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.7 Description The public catalogue UI served at the 'GET /' endpoint is subject to stored cross-site scripting. This occurs via the server.websiteUrl field of published server.json files. The server-side...

CVE-2026-40565

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

EUVD-2026-24141

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

PT-2026-33996

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

Cross-site Scripting (XSS)

Overview i18nextify is an enables localization of any page with zero effort Affected versions of this package are vulnerable to Cross-site Scripting XSS via replaceInside, used by the translateProps function in src/localize.js when untrusted translation values containing dangerous URL schemes suc...

Emissary has Stored XSS via Navigation Template Link Injection

Summary Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting XSS against other...

CVE-2026-30882

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $REQUEST is echoed directly into an HTML href attribute without any encoding or...

CVE-2026-30882

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $REQUEST is echoed directly into an HTML href attribute without any encoding or...

CVE-2026-31859 Craft has Reflective XSS via incomplete return URL sanitization

Craft is a content management system CMS. The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags angle brackets -- it does not inspect or filter URL schemes...

CVE-2025-58353

Promptcraft Forge Studio is affected by CVE-2025-58353 due to its input sanitization using a regex blacklist (e.g., replace(/javascript:/gi, '')). The issue arises because the sanitizer operates on multi-character tokens and applies each replacement only once, which can create new dangerous token...

PT-2025-36092

Name of the Vulnerable Software and Affected Versions: Promptcraft Forge Studio affected versions not specified Description: Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. The software’s input sanitization process, which utilizes regex...

Incomplete Filtering of Special Elements

Overview org.webjars:angular-sanitize is an AngularJS module for sanitizing HTML Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements through the ngSanitize module. An attacker can manipulate image sources and perform content spoofing by injecting malicious...