CVE-2026-1592 Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

CVE-2026-1592

CVE-2026-1592 affects Foxit PDF Editor Cloud (pdfonline). The vulnerability is a stored cross-site scripting (XSS) in the Create New Layer feature, where unsanitized user input is embedded into HTML output, enabling arbitrary JavaScript execution when the layer is referenced. Documents reference ...

CVE-2026-1591 Stored XSS via Attachments Feature in https://pdfonline.foxit.com/

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

CVE-2026-1591

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

CVE-2026-1591 Stored XSS via Attachments Feature in https://pdfonline.foxit.com/

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

Malicious code in frontend-js-state-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 770e7ef9c670e6c188650363a084728f7827f49ab63d6fb9aa57f6e4cfd07dbf The package frontend-js-state-web was found to contain malicious code. Source: ghsa-malware...

MAL-2026-680 Malicious code in frontend-js-state-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 770e7ef9c670e6c188650363a084728f7827f49ab63d6fb9aa57f6e4cfd07dbf The package frontend-js-state-web was found to contain malicious code. Source: ghsa-malware...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVE-2025-67477

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

CVE-2025-61651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from...

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67484

MediaWiki vulnerability CVE-2025-67484 affects MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1. The issue is tied to the Action API xslt option, enabling JavaScript execution by administrators who are not interface administrators; the xslt option is now disabled by default and can b...

CVE-2025-67477 Stored XSS through a system message in Special:ApiSandbox

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

CVE-2025-11261

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

CVE-2025-61657

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

EUVD-2025-206639

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

CVE-2025-61637

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...