11 matches found
PT-2026-38893
Name of the Vulnerable Software and Affected Versions Auto Affiliate Links versions prior to 6.8.9 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient input sanitization of the url POST parameter within the aal url stats save action function and a lack of output...
EUVD-2020-30884
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler SEH overwrite to execute shellcode and gain remo...
EUVD-2025-201879
@tiptap/extension-link vulnerable to Cross-site Scripting XSS...
CVE-2025-14284
Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...
PT-2025-33738 · Moonshine · Moonshine
Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.3 Description: A stored cross-site scripting XSS vulnerability exists in the Create Article function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the Link parameter...
Linux Distros Unpatched Vulnerability : CVE-2024-22262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the...
WordPress plugin Team Members security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
SUSE CVE-2018-18607
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows...
Improper Link Input Validation leads to Cross-site Scripting (XSS)
Description The link input validation does not filter the javascript protocol in the href attribute. It allows attackers to inject malicious links into many fields of the website, such as author introduction, user summary, and book description, ... which could execute JavaScript code (XSS). Proof of Concept...
Cross-site Scripting (XSS)
Overview typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the typoLink function. An attacker can inject arbitrary web script or HTML by crafting malicious input in a link field. Note: This is only...
CVE-2018-8973
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWorddeal.php?mudi=add request...