Cross-site Scripting (XSS)

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the wagtail.contrib.simpletranslation module. A user with access to the admin area can execute arbitrary JavaScript code in the context of...

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

CVE-2026-3343

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

RLSA-2026:3516 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

mailparser vulnerable to Cross-site Scripting

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

Nokia IMPACT 安全漏洞

Nokia IMPACT is a set of IoT intelligent management platforms developed by Finnish company Nokia. Versions of Nokia IMPACT such as 19.11.2.10-20210118042150283 and earlier contain security vulnerabilities. These vulnerabilities stem from the Applications component, which allows JavaScript files t...

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

EUVD-2021-22125

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

PT-2026-22758

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

PT-2026-22733

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

CVE-2021-35483

The Nokia IMPACT Applications component (versions up to 19.11.2.10-20210118042150283) allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter during adding or editing an application. If an authenticated user visits the page where...

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

PT-2026-23054

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.159 Description An improper implementation in the V8 component of Google Chrome could allow a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. The issue...

PT-2026-23522

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2.0.0-beta3 through 2026.2.13 Description The OpenClaw software contains a path traversal issue within the hook transform module loading process that could lead to arbitrary JavaScript execution. The...

MiracleLinux 8 : firefox-140.8.0-2.el8_10.ML.1 (AXSA:2026-248:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-248:04 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety...

Linux Distros Unpatched Vulnerability : CVE-2026-2796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVE-2026-2796 Note that Nessus...

CVE-2025-52470

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...