21 matches found
Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend
TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the list field process. An attacker can execute arbitrary JavaScript code in the browsers of site visitors and logged-in users by injecting malicious HTML content into the list field, which is then rendered ...
GHSA-5FHX-9Q32-Q257 Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend
TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...
PT-2026-43450
TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized list field of a newly allocated filter object in the damos_new_filter function, which could...
kernel: mm/damon/core: initialize damo_filter->list from damos_new_filter()
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damo_filter->list from damos_new_filter() damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMON_RECLAIM are not initializing it after calli...
BIT-JOOMLA-2024-21730 [20240702] - Core - Self-XSS in fancyselect list field layout
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CVE-2024-21730
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CVE-2024-21730
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CVE-2024-21730 [20240702] - Core - Self-XSS in fancyselect list field layout
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CVE-2024-21730
CVE-2024-21730 describes a self-XSS in Joomla! core tied to the fancyselect list field layout, where inputs are not properly escaped. The vulnerability enables a self-XSS vector and requires user interaction for exploitation (per CVSS: UI:R, I:L, C:L). Reports consistently identify this as part o...
Joomla! Security Vulnerabilities
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! that stems from a list field layout that does not properly escape input, which can lead to a cross-site scripting (XSS) vulnerability...
[20240702] - Core - Self-XSS in fancyselect list field layout
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
PT-2023-27663 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version US AC6V1.0BR V15.03.05.16 multi TD01.bin Description: The issue concerns a command execution vulnerability in the sub_ADD50 function. This vulnerability is exploited when the formSetIptv function obtains the list and vlanId...
PT-2023-27665 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version US AC6V1.0BR V15.03.05.16 multi TD01.bin Description: The issue concerns a command execution vulnerability in the sub_ADF3C function. This vulnerability is exploited through the formSetIptv function, which obtains the list a...
phpList cross-site scripting vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Add List" field under the "Import Email" module...
PT-2021-10860 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3 Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Add a list field under the Import Emails module. Recommendations: For...
PYSEC-2019-120
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: RADIUSAttrPacketListField.getfieldself... The attack vector is: over the network or in a pcap. both work...
PYSEC-2019-50
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: RADIUSAttrPacketListField.getfieldself... The attack vector is: over the network or in a pcap. both work...
mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field...