PT-2026-41891

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

CVE-2026-34161

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

Autodesk Fusion 跨站脚本漏洞

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in variant names. This vulnerability may lead to stored-cross-site scripting attacks, allowin...

CVE-2025-63714

Cross-Site Scripting XSS vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...

webkitgtk: processing malicious web content may lead to arbitrary code execution

A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system...

The vulnerability of the Dawn component in browsers such as Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Dawn component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information by loading a specially create...

webkitgtk: processing malicious web content may lead to arbitrary code execution

A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by attackers to potentially exploit heap corruption via well-designed HTML pages...

The vulnerability of the user interface in Google Chrome’s Omnibox allows a perpetrator to compromise data integrity.

The vulnerability of the user interface in Google Chrome’s Omnibox is related to the lack of a mechanism for verifying the entered data. Exploiting this vulnerability allows an attacker to manipulate the integrity of data by creating a malicious HTML page...