59050 matches found
Lucy-XSS security vulnerability
Lucy-XSS is a cross-site scripting protection library open-sourced by NAVER. Lucy-XSS has a security vulnerability, which stems from improper configuration of the default super-set rule file, leading to inadequate cleanup and potentially allowing malicious JavaScript to be executed...
PT-2026-3294
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...
CVE-2021-47779
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...
Cotonti Siena security vulnerabilities
Cotonti Siena is a powerful open-source web development framework and content manager developed by Cotonti. Version 0.9.19 of Cotonti Siena contains a security vulnerability. This vulnerability stems from the site title parameters in the administrator configuration panel, which contain stored...
RockyLinux 9 : firefox (RLSA-2026:0694)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0694 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...
Microsoft Edge (Chromium) < 144.0.3719.82 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 144.0.3719.82. It is, therefore, affected by multiple vulnerabilities as referenced in the January 16, 2026 advisory. - Use after free in ANGLE. CVE-2026-0908 - Microsoft Edge Elevation Service exposes a privileged COM...
RockyLinux 8 : firefox (RLSA-2026:0667)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...
PT-2026-3297
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code...
CVE-2021-47808
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
CVE-2021-47783 Phpwcms 1.9.30 - Arbitrary File Upload
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...
CVE-2021-47783 Phpwcms 1.9.30 - Arbitrary File Upload
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...
CVE-2021-47783
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...
CVE-2026-1011
A stored cross-site scripting XSS vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...
CVE-2026-0601
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...
Node.js: HashDoS in V8
Vulnerability description not provided...
CVE-2025-70890
A stored cross-site scripting XSS vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the...
GHSA-6738-R8G5-QWP3 svelte vulnerable to Cross-site Scripting
Summary An XSS vulnerability exists in Svelte 5.46.0-2 resulting from improper escaping of hydratable keys. If these keys incorporate untrusted user input, arbitrary JavaScript can be injected into server-rendered HTML. Details When using the hydratable function, the first argument is used as a k...
svelte vulnerable to Cross-site Scripting
Summary An XSS vulnerability exists in Svelte 5.46.0-2 resulting from improper escaping of hydratable keys. If these keys incorporate untrusted user input, arbitrary JavaScript can be injected into server-rendered HTML. Details When using the hydratable function, the first argument is used as a k...
CVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...
CVE-2026-22867
LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...