Lucene search
K

560 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-53987

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References5Affected Software1
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References1
CVE
CVE
added last week21 views

CVE-2026-50133

CVE-2026-50133 affects Hugo, a static site generator. The issue: before v0.162.0, content files mapped to text/html (e.g., HTML under /content or via adapters setting content.mediaType = "text/html") had their body emitted verbatim, enabling stored cross-site scripting if untrusted HTML content i...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

5.1CVSS5.4AI score0.00187EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/02 7:9 p.m.3 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 7:27 p.m.8 views

EUVD-2026-41130

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.14 views

CVE-2026-13314

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:29 p.m.11 views

CVE-2026-57535

CVE-2026-57535 describes a vulnerability in PDF rendering contexts where HTML content (including tags) can be injected. If an tag src points to a URL, the rendering engine may fetch the image, potentially leaking information about the rendering server and enabling an SSRF-like vector in the loc...

2.1CVSS5.9AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 7:44 p.m.17 views

CVE-2026-53929

NocoDB (pre-2026.05.1) is affected by a Stored Cross-Site Scripting vulnerability when NC_SECURE_ATTACHMENTS=true. An authenticated uploader could deliver .html or .svg attachments that the browser renders inline from the NocoDB origin due to a header-key casing mismatch (ResponseContentDispositi...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 7:22 p.m.9 views

Hugo: XSS via text/html content files

Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...

6.1CVSS5.1AI score0.00187EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/16 7:22 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 7:22 p.m.5 views

GHSA-C54G-XJWJ-8G82 Hugo: XSS via text/html content files

Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...

5.1CVSS5.1AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50156

Name of the Vulnerable Software and Affected Versions Hugo versions prior to 0.162.0 Description Hugo accepts content files in various markup formats. Files mapped to the text/html media type, such as .html files located under /content or pages generated by a content adapter where content.mediaTy...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/06/09 7:49 a.m.39 views

CVE-2026-8599 MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS0.00234EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/09 7:49 a.m.14 views

EUVD-2026-35377

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References11
CVE
CVE
added 2026/06/09 7:35 a.m.29 views

CVE-2026-34033

CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...

5.4CVSS5.5AI score0.00372EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47724

Name of the Vulnerable Software and Affected Versions MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails versions prior to 2.0.5 Description Insufficient input sanitization and output escaping allow authenticated attackers with author-level access or higher to perfor...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

8CVSS6.4AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 7:16 p.m.13 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7CVSS0.00223EPSS
Exploits0References1
Rows per page
Query Builder