EUVD-2026-30990

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

EUVD-2026-30997

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Orejime allows Cross-Site Scripting XSS. This issue affects Orejime: from 0.0.0 before 2.0.16...

Drupal core is Vulnerable to Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

EUVD-2026-30988

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

WordPress plugin Cost of Goods by PixelYourSite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-8493

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

CVE-2026-6367

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

CVE-2026-6871

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

CVE-2026-6095

The CVE-2026-6095 issue affects Orejime (0.0.0 to 2.0.15) and is a Cross-site Scripting (XSS) vulnerability caused by Improper Neutralization of Input During Web Page Generation, specifically the IframeConsent element writing HTML attributes without escaping. This can allow malicious input to inj...

edk2: EDK2: Improper Input Validation allows arbitrary command execution

A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access...

CVE-2026-31910

CVE-2026-31910 (Apache OFBiz) is an SSRF vulnerability tied to improper input validation in UI Factory Classes. Affected software is Apache OFBiz prior to 24.09.06. The issue enables Server-Side Request Forgery and is addressed by upgrading to version 24.09.06, which contains the fix. No exploita...

EUVD-2026-30868

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

Apache OFBiz 跨站脚本漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a cross-site scripting vulnerability; this vulnerability was due to imprope...

Drupal Orejime 跨站脚本漏洞

Drupal Orejime is a Drupal privacy and cookie consent management module developed by the Drupal company. Versions of Drupal Orejime prior to 2.0.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, which could le...

Lexmark Printers Improper Input Validation (CVE-2010-0101)

The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service operating system halt via a malformed HTTP Authorization header. This plugin...

GHSA-8X9C-MQXV-Q2PP Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Improper input validation i...

CVE-2026-7498 Stored XSS in Basamak Informatics' DernekWeb

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...

CVE-2026-7498

CVE-2026-7498 describes a Stored XSS in DernekWeb (Basamak Information Technology Consulting and Organization Trade Ltd. Co.) caused by improper neutralization of input during web page generation. Affected: DernekWeb up to 30122025. CVSSv3.1: 8.8 (HIGH) with NETWORK attack, NO privileges, UI requ...

PT-2026-41663

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...

Basamak DernekWeb 跨站脚本漏洞

Basamak DernekWeb is an association and membership management system developed by the Turkish company Basamak. Versions of Basamak DernekWeb prior to 30122025 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, whi...