897 matches found
EUVD-2025-210428
The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...
CVE-2025-8591
The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...
CVE-2026-10054
In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...
Sensitive Cookie Without "HttpOnly" Flag
Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...
CVE-2026-57948
Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in Red Hat Ceph Storage 4, within the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for documentation purposes, which again exposes them to...
CVE-2025-6024
The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...
CVE-2024-4867
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...
CVE-2026-41147
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...
CVE-2026-41147
CVE-2026-41147 (NukeViet CMS) is a stored XSS issue affecting NukeViet CMS versions up to 4.5.08, caused by insufficient server-side input sanitization in the Request class. The app relies on client-side filtering for user-submitted HTML, which can be bypassed by altering HTTP requests. Attackers...
Cross-site Scripting (XSS)
Overview nukeviet/nukeviet is a the first opensource CMS in Vietnam. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient server-side input sanitization in the Request class. An attacker can execute arbitrary scripts in the context of another user's browse...
CVE-2026-42239
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...
EUVD-2026-28429
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...
CVE-2026-42239
Budibase (backend-core, budibase:auth cookie) is affected prior to version 3.35.10. The issue is that the budibase:auth cookie is set HTTPOnly: false, lacks secure: true and sameSite, allowing access to the JWT session token via document.cookie. This enables any XSS to escalate to full account ta...
Sensitive Cookie Without "HttpOnly" Flag
Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via the set function in the cookie handling process. An attacker can gain unauthorized access to user account...
Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints
All WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens are stored in browser cookies set via JavaScript without HttpOnly or explicit...
CVE-2026-34403
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...
CVE-2026-34403
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...
EUVD-2024-55547
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...
EUVD-2025-209497
The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...