7 matches found
EUVD-2026-40923
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-44429 MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...
VulnCheck KEV: CVE-2026-44742
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...
leafkit 安全漏洞
Leafkit is an open-source application developed by Vapor. It uses Swift to create modular server-side software. Versions of Leafkit prior to 1.14.2 contained a security vulnerability. This vulnerability stemmed from incorrect HTML escaping when printing collections using value, which could lead t...
Improper Neutralization of Equivalent Special Elements
Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in the htmlEscaped function. An attacker can inject malicious HTML or JavaScript...
Fortra Cobalt Strike 跨站脚本漏洞
Fortra Cobalt Strike is an application from Fortra, Inc. provides you with a post-development agent and covert channel to mimic a quiet, long-term embedded participant in a customer's network. A security vulnerability in Fortra Cobalt Strike version 4.7.1, which stems from the inability to proper...
w3m Vulnerability of Unauthorized Access to Files or Cookies
Overview w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies. Impact An remote attacker could access files and cookies. Solution Please refer to the 'Vendor Information' section for official remediation and take...