Lucene search
+L

175 matches found

NVD
NVD
added 2 days ago11 views

CVE-2026-15099

The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrapdirectiontext function, which interpolates the...

6.4CVSS0.00193EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

CVE-2026-54443 Dashy: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...

5.9CVSS6.1AI score0.00229EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-45753 Symfony: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — javascript: URI Survives Sanitization (XSS)

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes omits URL-valued attributes including action, formaction, poster, and cite, so configurations that adm...

2.1CVSS6.1AI score0.00297EPSS
Exploits0References7
NVD
NVD
added 2026/07/10 7:17 p.m.8 views

CVE-2026-55464

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScrip...

5.4CVSS0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 6:40 p.m.10 views

CVE-2026-55464

Snipe-IT (IT asset/license management) is affected by CVE-2026-55464 prior to version 8.6.2. The issue arises from CommonMark escaping raw HTML but not sanitizing javascript: URIs in Markdown hyperlinks within a markdown-textarea custom field. A user with assets.edit permission can insert a malic...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/10 6:40 p.m.3 views

CVE-2026-55464 Snipe-IT: Stored XSS via Markdown custom field

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScrip...

4.8CVSS6.2AI score0.00173EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/10 6:40 p.m.39 views

CVE-2026-55464 Snipe-IT: Stored XSS via Markdown custom field

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScrip...

4.8CVSS0.00173EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:14 p.m.4 views

CVE-2026-52798

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS6AI score0.00429EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/22 11:58 p.m.4 views

GHSA-JQ8V-RMF6-65JW Gogs has Stored XSS in `.ipynb` Preview

Summary Although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can ...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion...

5.8CVSS6.1AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:14 p.m.6 views

GHSA-W9HF-3PP7-PVXV OpenClaw: Exported session HTML could keep unsafe markdown links

Summary Exported session HTML could keep unsafe markdown links. In affected versions, content rendered into an exported session could preserve unsafe javascript: or data: links in generated HTML. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

6.1CVSS5.6AI score0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 12:6 p.m.35 views

CVE-2026-8833

CVE-2026-8833 affects Checkmk versions <2.5.0p5, <2.4.0p31,

8.5CVSS5.2AI score0.0014EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 12:6 p.m.15 views

CVE-2026-8833 XSS in urls

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

8.5CVSS5.2AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 12:6 p.m.3 views

CVE-2026-8833 XSS in urls

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

8.5CVSS5.8AI score0.0014EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.13 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.4AI score0.00241EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 6:46 p.m.41 views

CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

9.3CVSS0.0023EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/28 4:43 p.m.14 views

Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. UrlAttributeSanitizer is the visitor responsible for validating URL-valued attributes and stripping dangerous schemes from them; it runs on every element regardless of configuration. Whether an attribute is kept is...

6.1CVSS5.8AI score0.00297EPSS
Exploits0References6Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/22 5:21 p.m.10 views

CVE-2026-39964 TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on visitors' browsers

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 5:21 p.m.38 views

CVE-2026-39964

TypeBot (viewer at packages/embeds/js) before version 3.16.0 renders rich-text bubble links without filtering javascript: URIs. A bot author can set a link to javascript:PAYLOAD, which executes in the visitor’s browser context when clicked, allowing the attacker’s code to run with the host page’s...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 5:21 p.m.13 views

EUVD-2026-31480

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References3
Rows per page
Query Builder