EUVD-2026-16862

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options...

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

EUVD-2026-16860

Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial...

Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

Summary The @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites @partial-block with a crafted Handlebars AST, a subsequent invocation of @partial-block compil...

EUVD-2026-16849

Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block...

GHSA-3MFM-83XF-C92R Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

Summary The @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites @partial-block with a crafted Handlebars AST, a subsequent invocation of @partial-block compil...

GHSA-2W6W-674Q-4C4Q Handlebars.js has JavaScript Injection via AST Type Confusion

Summary Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to compile can therefore inject and...

EUVD-2026-16848

Handlebars.js has JavaScript Injection via AST Type Confusion...

Handlebars.js has JavaScript Injection via AST Type Confusion

Summary Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to compile can therefore inject and...

CVE-2021-27308

A cross-site scripting XSS vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter...

CVE-2021-27519

A cross-site scripting XSS issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter...

CVE-2021-27520

A cross-site scripting XSS issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter...

CVE-2021-27526

A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter...

CVE-2021-27528

A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter...

WindMill 代码注入漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.664.0 contained a code injection vulnerability. This vulnerability occurred when JavaScript string literals were inserted int...

CVE-2026-33525

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In version 4.39.15, an attacker may potentially be able to inject javascript into the Authelia login page if several conditions are met...

CVE-2026-33525 Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In version 4.39.15, an attacker may potentially be able to inject javascript into the Authelia login page if several conditions are met...

CVE-2026-30048

A stored cross-site scripting XSS vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...

CVE-2026-3492

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

CVE-2026-22183

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfilteredhtml capabilities can inject JavaScript...