58939 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...
EUVD-2026-9491
Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
GHSA-WF6X-7X77-MVGW Immutable is vulnerable to Prototype Pollution
Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...
GHSA-FP25-P6MJ-QQG6 locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
Details A Remote Code Execution RCE flaw was discovered in the locutus project v2.0.39, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...
locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
Details A Remote Code Execution RCE flaw was discovered in the locutus project v2.0.39, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...
EUVD-2026-9465
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...
CVE-2026-20066
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...
CVE-2026-20066
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...
CVE-2026-20066 Multiple Cisco Products Snort 3 TBD Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...
CVE-2026-20066
CVE-2026-20066 affects multiple Cisco products using the Snort 3 Detection Engine. The issue stems from JSTokenizer normalization logic during HTTP inspection of JavaScript, allowing an unauthenticated remote attacker to trigger a DoS by causing the Snort 3 engine to restart, interrupting packet ...
CVE-2019-25502 Simple Job Script Cross-Site Scripting via job_type_value Parameter
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the jobtypevalue parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim...
Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in serialize-javascript Due to Improper Input Sanitization affects watsonx.data
Summary A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Switch Language block. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts through this component. Details Cross-site scripting or XSS is a code...
EUVD-2026-9359
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
EUVD-2026-9355
In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a Cross-site Scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice question...
CVE-2026-3241
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
CVE-2026-3244
In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...
CVE-2026-3244
In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...
CVE-2021-35483
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...