3 matches found
CVE-2026-28436
Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be triggered for other users via website page comments. This issue has been patched in versions 16.11.0 an...
CVE-2025-25908
CVE-2025-25908 affects tianti v2.3 with a stored XSS in the coverImageURL parameter at /article/ajax/save. Root cause: unsanitized input in the coverImageURL field leading to arbitrary web scripts/HTML execution. Impact: potential exposure of user data due to crafted payloads; CVSS 3.1 base score...
Snitz Forums 2000 vulnerable to cross-site scripting via crafted IMG tag
Overview Snitz Forums 2000 does not adequately check "IMG" tag "SRC" attributes and thus contains cross-site scripting vulnerability. Description Snitz Forums is an automated bulletin-board program for web sites. Snitz Forums allows users to submit images by specifying the URL of the image. In...