
53 matches found

Vulnrichment · added 2026/06/11 5:03 a.m. · 7 views

CVE-2026-40986 Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

4.8 CVSS · 5.3 AI score · 0.00151 EPSS
Exploits: 0 · References: 1
RedhatCVE · added 2026/05/19 7:57 p.m. · 10 views

CVE-2026-45315

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits: 1 · References: 1
ATTACKERKB · added 2026/04/17 8:47 p.m. · 0 views

CVE-2026-40293

OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground...

6.5 CVSS · 5.7 AI score · 0.00203 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV · added 2026/04/08 9:51 p.m. · 5 views

GHSA-68M9-983M-F3V5 OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response

Description When OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint. The /playground endpoint is enabled by default and does not require authentication. It...

6.5 CVSS · 5.8 AI score · 0.00203 EPSS
Exploits: 0 · References: 4
OSV · added 2026/03/04 8:58 p.m. · 3 views

GHSA-8WHX-V8QQ-PQ64 changedetection.io has Reflected XSS in its RSS Tag Error Response

A reflected cross-site scripting (XSS) vulnerability was identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser...

6.1 CVSS · 5.8 AI score · 0.00282 EPSS
Exploits: 1 · References: 6
CVE · added 2025/12/23 12:00 a.m. · 16 views

CVE-2025-66845

TechStore 1.0 exposes a reflected XSS in the user_name endpoint: the id query parameter is echoed into HTML without output encoding or sanitization, allowing execution of arbitrary JavaScript in a victim’s browser. Root cause is lack of input encoding on reflection. CVE-2025-66845 is documented a...

6.1 CVSS · 5.6 AI score · 0.00178 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
EUVD · added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-4212

Malware in sbrugna...

6.1 CVSS · 6.2 AI score · 0.02946 EPSS
Exploits: 5 · References: 5
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-22586

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.00309 EPSS
Exploits: 2 · References: 1
CVE · added 2025/06/12 7:59 a.m. · 55 views

CVE-2025-5301

ONLYOFFICE Docs (DocumentServer) <= 8.3.1 is affected by a reflected XSS when opening files via WOPI, caused by improper sanitization of crafted HTTP POST requests. The XSS can result in malicious scripts being reflected in the server’s HTML response. Affected product/version: ONLYOFFICE Docs ...

6.1 CVSS · 5.9 AI score · 0.34859 EPSS
Exploits: 1 · References: 4
Vulnrichment · added 2025/01/14 12:00 a.m. · 12 views

CVE-2024-50859

The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...

6.8 AI score · 0.00847 EPSS
Exploits: 3 · References: 3
Cvelist · added 2024/11/07 12:00 a.m. · 9 views

CVE-2024-50599

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the...

0.61321 EPSS
Exploits: 0 · References: 2
CVE · added 2024/11/07 12:00 a.m. · 44 views

CVE-2024-50599

CVE-2024-50599 describes a reflected Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting a webmail calendar endpoint. The issue arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in...

6.1 CVSS · 5.5 AI score · 0.61321 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist · added 2024/08/16 12:00 a.m. · 12 views

CVE-2024-43009

A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...

0.00368 EPSS
Exploits: 0 · References: 2
Vulnrichment · added 2024/08/16 12:00 a.m. · 14 views

CVE-2024-43009

A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...

5.7 AI score · 0.00368 EPSS
Exploits: 0 · References: 2
CNNVD · added 2023/12/20 12:00 a.m. · 2 views

Hotel Management System Cross-Site Scripting Vulnerability

Hotel Management System is a hotel management MIS project by Prem Chand Saini, an individual developer in India. A cross-site scripting vulnerability exists in Hotel Management System v1.0, which originates when the checkoutdate parameter in reservation.php is copied in plain text...

5.4 CVSS · 6.1 AI score · 0.00383 EPSS
Exploits: 0 · References: 4
Citrix · added 2023/01/12 12:00 a.m. · 4 views

ADC :13.0 :HTML respond policy

ADC :13.0 :HTML respond policy...

7.2 AI score
Exploits: 0
Hacker One · added 2022/10/07 10:40 p.m. · 32 views

Liberapay: Email Address Exposure via Gratipay Migration Tool

Through the /migrate route, an attacker can input the username of any user on the site and retrieve their primary email address without any authorization required. Steps to reproduce: Note: This cannot be performed with hackerone-target, because that account seems to return a None as an email. 1...

6.8 AI score
Exploits: 0
NVD · added 2021/09/14 1:15 p.m. · 15 views

CVE-2021-23050

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to...

7.5 CVSS · 0.00453 EPSS
Exploits: 0 · References: 1
CVE · added 2021/09/14 12:31 p.m. · 69 views

CVE-2021-23050

CVE-2021-23050 affects BIG-IP Advanced WAF and BIG-IP ASM (and related NGINX App Protect) when a CSRF-enabled policy on a virtual server is configured. The vulnerability can cause the bd process to terminate due to an undisclosed HTML response, leading to DoS as described in vendor advisories. Af...

7.5 CVSS · 7.5 AI score · 0.00453 EPSS
Exploits: 0 · References: 1 · Affected Software: 3
Cvelist · added 2021/09/14 12:31 p.m. · 20 views

CVE-2021-23050

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to...

7.6 AI score · 0.00453 EPSS
Exploits: 0 · References: 1