EUVD-2026-37732

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the descriptionhtml field when creating an intake work item through the API v1 intake endpoint...

CVE-2026-10850 Plane 1.3.1 - Stored XSS in intake issue description_html

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the descriptionhtml field when creating an intake work item through the API v1 intake endpoint...

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

PT-2026-46949

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated reflected cross-site scripting issue exists in the 'server.log' endpoint. This allows attackers to inject arbitrary HTML and JavaScript code via the search parameter. By crafting...

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a security vulnerability. This vulnerability allows authenticated users to persist arbitrary HTML/JavaScript in customer records’ email or mobile...

ERPNext 跨站脚本漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a cross-site scripting vulnerability. This vulnerability arises from users with project record editing privileges being able to persist arbitrary...

PT-2026-46044

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...

GHSA-R29H-37FJ-X2W6 Open WebUI Has Stored Cross-Site Scripting in SVG Renderer

Summary There is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation. Details It is possible permanently save any HTML/JavaScript code in the application, which can be then executed in the context of the application domain. This behaviour can be used to extract and stea...

PT-2026-41176

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.31 Description A Cross-Site Scripting issue exists in the SVG renderer implementation. This allows the permanent storage of HTML or JavaScript code within the application, which is then executed in the context ...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the font family preference update process. An attacker can execute arbitrary HTML or JavaScript in the context of another user's session by injecting malicious...

PT-2026-35951

Name of the Vulnerable Software and Affected Versions Helpy version 2.8.0 Description A stored cross-site scripting issue exists in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of...

PT-2026-35522

A reflected cross-site scripting XSS vulnerability exists in WebFileSys version 2.31.1. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser...

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

PT-2026-23488

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, is affected by a DOM-Based Cross-Site Scripting XSS issue. An attacker can inject an HTML/JavaScript payload into a repository’s Milestone name. When another user selec...

CVE-2026-23612 GFI MailEssentials AI < 22.4 Anti-Spam IP DNS Blocklist Domain Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBIPs parameter to...

CVE-2026-23611 GFI MailEssentials AI < 22.4 Anti-Spam IP Blocklist Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to...

CVE-2026-23609

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can submit HTML/JavaScript to ctl00$ContentPlaceHolder1$pv3$txtDescription on /MailEssentials/pages/MailSecurity/PerimeterSMT...