936 matches found
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
CVE-2026-1513
CVE-2026-1513 affects billboard.js prior to 3.18.0, enabling cross-site scripting via improper sanitization during chart option binding. Multiple sources (Red Hat, OSV, Snyk) confirm an XSS risk in the affected library. Remediation: upgrade billboard.js to 3.18.0-next.2 or higher (per OSV/Snyk gu...
PT-2026-5054
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
Relative Path Traversal
Overview @vltpkg/tar is an An extremely limited and very fast tar extractor Affected versions of this package are vulnerable to Relative Path Traversal via improper sanitization of file paths during the extraction process. An attacker can overwrite arbitrary files on the filesystem by crafting ta...
CVE-2025-14316
The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-9289
A Cross-Site Scripting XSS vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If...
CVE-2025-69045
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through = 1.20.4...
Cross-site Scripting (XSS)
october/system is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in backend configuration stylesheet fields, which allows an attacker with backend customization privileges to inject malicious HTML or JavaScript and execute arbitrary scripts across...
CVE-2026-23769
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...
CVE-2026-23769
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...
CVE-2026-23769
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...
CVE-2026-23769
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...
CVE-2026-23769
CVE-2026-23769 affects lucy-xss-filter. The issue arises from improper sanitization due to misconfigured default superset rule files, enabling an attacker to execute malicious JavaScript. The noted vulnerable state involves versions prior to commit e5826c0. Red Hat and other sources confirm impac...
CVE-2026-23769
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview quill is a modern rich text editor built for compatibility and extensibility. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the improper sanitazation in the getHTML function. An...
PT-2026-1747
Name of the Vulnerable Software and Affected Versions The Quiz Maker WordPress plugin versions prior to 6.7.0.89 Description The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site...
CVE-2022-0255
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...
CVE-2024-39123
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
CVE-2025-23039
Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...
CVE-2021-33886
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as t...