2 matches found
CVE-2025-31136 FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting XSS issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2022-3513
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to...