CVE-2026-42157

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...

CVE-2020-37148

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...

CVE-2020-28408

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...

CVE-2020-28408

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...

CVE-2020-28408

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...

Cross site scripting

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...

CVE-2020-28408

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...

CVE-2020-28408

Dundas BI server (version 8.0.0.1001 and prior) is affected by CVE-2020-28408 due to cross-site scripting via an HTML label when creating or editing a dashboard. The vulnerability is caused by XSS in the server-side handling of dashboard labels; impact details are described as an HTML-label based...