23 matches found
CVE-2025-61650 UserInfoCard is vulnerable to message key stored XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.php. This issue affects CheckUser: from before...
CVE-2025-61636 Codex Special:Block vulnerable to message key XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
CVE-2026-0671 Multiple stored i18n/message-key XSSes in UploadWizard
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...
CVE-2025-62656 GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44...
CVE-2025-62656
CVE-2025-62656 concerns a stored XSS in the Wikimedia Foundation MediaWiki GlobalBlocking extension. The connected sources confirm the vulnerability arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected versions are MediaWiki Globa...
EUVD-2024-3112
Malicious code in bioql PyPI...
CVE-2024-47824
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...
CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
matrix-react-sdk information disclosure vulnerability
matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. An information disclosure vulnerability exists in matrix-react-sdk, which stems from the fact that matrix-react-sdk shares a history message key at invite time...
CVE-2023-48838
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code...
CVE-2023-48837
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code...
PT-2023-30981 · Unknown · Appointment Scheduler
Name of the Vulnerable Software and Affected Versions: Appointment Scheduler version 3.0 Description: The issue concerns Multiple HTML Injection problems. These issues can be exploited via the SMS API Key or Default Country Code. Recommendations: For Appointment Scheduler version 3.0, consider...
SUSE CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
CVE-2022-45347
creationtimestamp | type | source
---|---|---
2022-12-22 14:18:37+00:00 | seen | https://t.me/cibsecurity/55113...
Improper Authentication
Overview: omniauth is a generalized Rack framework for multiple-provider authentication. Affected versions of this package are vulnerable to Improper Authentication. It does not escape the message_key value. Remediation: Upgrade omniauth to version 1.9.2 or higher. References: GitHub Commit...
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
DEBIAN-CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...