EUVD-2026-9359

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

EUVD-2026-9355

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a Cross-site Scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice question...

CVE-2026-3241

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

CVE-2026-3244

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVE-2026-3244

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

CVE-2025-52470

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...

CVE-2026-3244

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVE-2026-3244

Concrete CMS versions below 9.4.8 are affected by a stored XSS in the search block, where page names and content render without HTML encoding, enabling an authenticated rogue administrator to inject JavaScript that runs when users run and view search results. The issue is documented with CVSS v4....

Simplejobscript 跨站脚本漏洞

Simplejobscript is a free web development software open source by Niteosoft. Simplejobscript has a cross-site scripting vulnerability; this vulnerability stems from the jobtypevalue parameter having cross-site scripting capabilities, which may allow unverified attackers to inject malicious script...

Cisco Secure Firewall Threat Defense和Cisco IOS XE Software 资源管理错误漏洞

Cisco Secure Firewall Threat Defense and Cisco IOS XE Software are both products of the American company Cisco. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco IOS XE Software is a network operating system. Both Cisco Secure Firewall Threat Defense and Cisco IOS XE...

PT-2026-23097

Name of the Vulnerable Software and Affected Versions Locutus versions prior to 3.0.0 Description Locutus, a library designed to bring standard libraries from other programming languages to JavaScript for educational purposes, contains a remote code execution RCE flaw. This issue resides within t...

PT-2026-22866

In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...

PT-2026-23094

Name of the Vulnerable Software and Affected Versions Immutable.js versions prior to 3.8.3 Immutable.js versions prior to 4.3.7 Immutable.js versions prior to 5.1.5 Description A Prototype Pollution issue exists in Immutable.js through versions prior to 3.8.3, 4.3.7, and 5.1.5, specifically withi...

FreeBSD : Firefox -- Multiple vulnerabilities (1124a7b0-1338-11f1-a55d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1124a7b0-1338-11f1-a55d-b42e991fc52e advisory. CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147 CVE-2026-2806:...

PT-2026-23102

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.9 Description SiYuan, a personal knowledge management system, contains a reflected cross-site scripting XSS issue in the dynamic icon API endpoint. The vulnerability occurs when the type parameter is set to 8,...

RHEL 9 : firefox (RHSA-2026:3493)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3493 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...

CVE-2026-26272

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

AZL-79340 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-8

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...