@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

GHSA-58W9-8G37-X9V5 @angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

EUVD-2026-36077

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVE-2026-47900

Logseq is vulnerable to a stored cross-site scripting XSS. A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context...

CVE-2026-47900

Affected software: Logseq. Vulnerability: Stored XSS in which a malicious plugin can place a JavaScript payload in the name field of its package.json, rendered via innerHTML without sanitization, allowing code execution in privileged host context. Versions/impact: Only v0.10.15 was tested and con...

Logseq 跨站脚本漏洞

Logseq is an open-source knowledge management and collaboration platform developed by Logseq. Version Logseq v0.10.15 contains a cross-site scripting vulnerability. This vulnerability arises from malicious plugins that can include JavaScript payloads in the name field of their package.json file,...

CVE-2026-45231

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

EUVD-2026-33936

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

CVE-2026-45348 pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

CTI-Transmute 安全漏洞

CTI-Transmute is an open-source network threat intelligence format conversion service developed by the MISP Project. CTI-Transmute has a security vulnerability. This vulnerability stems from the fact that the notification messages in the notification panel contain transition names that are...

CVE-2026-48149

Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parsemarkdown straight to innerHTML with no sanitizer packages/bbui/src/Markdown/MarkdownViewer.svelte:22. Any column a builder binds to a Text component in Markdown mod...

EUVD-2026-32591

Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parsemarkdown straight to innerHTML with no sanitizer packages/bbui/src/Markdown/MarkdownViewer.svelte:22. Any column a builder binds to a Text component in Markdown mod...

CVE-2026-48149

CVE-2026-48149 affects Budibase prior to version 3.39.0, where the Budibase Text component in Markdown mode rendered markdown by assigning marked.parse(markdown) directly to innerHTML without sanitization (MarkdownViewer.svelte:22). This creates a stored-XSS sink in any column bound to a Text com...

Budibase 跨站脚本漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Text...

PT-2026-44060

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The Text component in this open-source low-code platform renders markdown by assigning the output of the marked.parsemarkdown function directly to innerHTML without using a sanitizer. This creates ...

EUVD-2026-31466

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...