CVE-2026-33061

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

Jexpanel 安全漏洞

Jexpanel is a game server management and billing panel developed by Jexactyl. Jexpanel has a security vulnerability, which stems from the use of jsonencode in the wrapper.blade.php template without proper escaping. This could lead to a storage-based DOM cross-site scripting attack...

CVE-2026-28560

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using jsonencode without the JSONHEXTAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break o...

CVE-2026-28560

wpForo Forum 2.4.14 contains a stored XSS vulnerability: forum URL data output into an inline script block via json_encode without JSON_HEX_TAG. An attacker can supply a forum slug containing a closing tag or unescaped single quote to break out of the JavaScript string context and execute arbitr...

Ian Dunn: unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php

in: https://github.com/iandunn/audit-trail-extension/blob/master/audit-trail-extension.phpL106 https://github.com/iandunn/audit-trail-extension/blob/master/audit-trail-extension.phpL112 https://github.com/iandunn/audit-trail-extension/blob/master/audit-trail-extension.phpL133...

Ruby on Rails Active Support XSS Vulnerability (Jun 2015) - Linux

Ruby on Rails is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...