Lucene search
K

4 matches found

OSV
OSV
added 2026/05/22 4:12 p.m.3 views

CVE-2026-28445 Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS6.1AI score0.00257EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/23 12:40 a.m.7 views

EUVD-2026-25158

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 8:45 p.m.9 views

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS in the multiVariableText property panel when...

5.5CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2019/09/27 6:15 p.m.3 views

DEBIAN-CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1CVSS7.2AI score0.0145EPSS
Exploits0References1
Rows per page
Query Builder