13 matches found
soundcloud-rpc input validation error vulnerability
soundcloud-rpc is a music client developed by Richard Habitzreuter, which supports Discord state synchronization and ad blocking. Versions of soundcloud-rpc prior to 0.1.8 had a vulnerability related to input validation errors. This vulnerability stemmed from the execution of song titles containi...
CVE-2026-41466
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers ca...
EUVD-2026-14014
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
EUVD-2020-18837
Malware in sbrugna...
CVE-2025-55618
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in the navigation app, which then get rendered...
CVE-2025-45406
CodeIgniter4 v4.6.0 is affected by a stored XSS vulnerability in the debugbar_time parameter. The issue is described as enabling arbitrary web scripts or HTML, with a note that the supplier disputes exploitability since the value of debugbar_time may not be controllable and data is escaped by the...
CVE-2024-57774
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-27075
A cross-site scripting (XSS) vulnerability in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-25422
A cross-site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
WordPress Yoast SEO Plugin < 15.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:yoast:yoastseo"; if description...
CVE-2022-42112
A cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists in the saveCommentEdit function of AdminCommentController.php, which allows HTML tags in blog comments and so lets a malicious attacker inject and execute HTML payloads...
CVE-2020-26218
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0...