EUVD-2026-33311

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a stored cross-site scripting vulnerability. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class attribute by raw echo, without htmlspecialchars. A canStream user can persi...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper input sanitization of the generateRowparameter in the \Writer\Html class. Remediation There is no fixed version for phpoffice/phpexcel. References - GitHub Commit Credit: Aleksey Solovev...

SUSE CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

sysPass Cross-Site Scripting Vulnerability

sysPass is a PHP-based Web password manager. A cross-site scripting vulnerability exists in the inc/SP/Html/Html.class.php file in sysPass version 2.1.9. A remote attacker can exploit this vulnerability to bypass the cross-site scripting filter...

CVE-2017-9306

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...

CVE-2017-9306

The vulnerability described across multiple sources affects sysPass 2.1.9, specifically the file inc/SP/Html/Html.class.php. It enables remote attackers to bypass the XSS filter by manipulating an SVG onload payload (demonstrated with a "<svg/onload=" substring in place of a proper "<svg on...

MediaWiki cross-site scripting vulnerability (CNVD-2015-02416)

MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in the Html class of MediaWiki. When the program uses a language variant, a remote attacker can exploit the vulnerability by replacing strings with LanguageConverter to inject arbitrary web script or HTML...

CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

DEBIAN-CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...