2 matches found
CVE-2026-46628
CVE-2026-46628 affects Twig (PHP template engine). Before 3.26.0, the deprecated spaceless filter was registered as safe for HTML, causing Twig autoescaping to emit attacker‑controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0. Affected: ...
GHSA-C62G-J346-39V5 absinthe_plug Has a Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...