6 matches found
CVE-2025-62779
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...
EUVD-2020-5981
Malware in sbrugna...
EUVD-2024-0683
Malicious code in bioql PyPI...
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
The tarteaucitron-wp WordPress plugin before 0.3.0 allows users at author level and above to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
USN-6674-2 python-django vulnerability
USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause...
CVE-2021-32671
CVE-2021-32671 concerns Flarum’s translation system, which allowed string inputs to be rendered as HTML DOM nodes, enabling cross-site scripting in certain user inputs (notably the forum search box). The vulnerability affects Flarum v1.0.0/v1.0.1 and is due to rendering user-provided markup witho...