3 matches found
PT-2026-55291
Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.26.3 Description An authenticated workspace user with permissions to create or edit an agent can perform a stored cross-site scripting attack. The agent update endpoint uses the normalize dsl function, which validat...
UBUNTU-CVE-2026-1090
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...
PT-2025-50138
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the AddressesCc parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The AddressesCc value...