CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

SUSE CVE-2010-3089

Multiple cross-site scripting XSS vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 the list information field or 2 the list description field...

CVE-2020-23209

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...

Cross site scripting

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...

CVE-2020-23209

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...

PhpList 跨站脚本漏洞

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "List Description" field under the "Edit List" module...

PT-2021-10859 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3 Description: A stored cross site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the List Description field under the Edit A List module. This enables...

CVE-2010-3089

Multiple cross-site scripting XSS vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 the list information field or 2 the list description field...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 the list information field or 2 the list description field...

CVE-2010-3089

Removed by vendor...

CVE-2010-3089

Multiple cross-site scripting XSS vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 the list information field or 2 the list description field...

PT-2010-4537 · Gnu +2 · Gnu Mailman +2

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.14rc1 Description: The issue involves multiple cross-site scripting XSS vulnerabilities that allow remote authenticated users to inject arbitrary web script or HTML. This can be achieved through vectors...