830 matches found
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877
CVE-2026-42877 describes a stored XSS in FacturaScripts where the product variant field referencia is injected into an onclick attribute in SalesModalHTML.php and PurchasesModalHTML.php without proper escaping. The vulnerability allows an authenticated user with warehouse access to create a malic...
CVE-2026-42877 FacturaScripts: Stored XSS via product reference in sales/purchases
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-31906 Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-31906
CVE-2026-31906 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is an improper neutralization of input during web page generation, i.e., Cross-Site Scripting (XSS). Some sources describe it as a reflected XSS due to improper HTML attribute escaping in layered-modal dialog par...
CVE-2026-31906 Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
DCVD: Dual-Channel Cross-Modal Fusion for Joint Vulnerability Detection and Localization
Software vulnerability detection plays a critical role in ensuring system security, where real-world auditing requires not only determining whether a function is vulnerable but also pinpointing the specific lines responsible. However, existing approaches either rely on a single information source...
GHSA-R736-2678-FCRX FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
Summary A stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
Summary A stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
PT-2026-38615
Summary A stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
Astra Linux - ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΡ Π² chromium
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Chromium security severity: Medium...
One Single Hub Text Breaks CLIP: Identifying Vulnerabilities in Cross-Modal Encoders Via Hubness
The hubness problem, in which hub embeddings are close to many unrelated examples, occurs often in high-dimensional embedding spaces and may pose a practical threat for purposes such as information retrieval and automatic evaluation metrics. In particular, since cross-modal similarity between tex...
RoboKA: KAN Informed Multimodal Learning for RoboCall Surveillance System
Wide exploration on robocall surveillance research is hindered due to limited access to public datasets, due to privacy concerns. In this work, we first curate Robo-SAr, a synthetic robocall dataset designed for robocall surveillance research. Robo-SAr comprises of 200 unwanted and 1200 legitimat...
VulStyle: A Multi-Modal Pre-Training for Code Stylometry-Augmented Vulnerability Detection
We present VulStyle, a multi-modal software vulnerability detection model that jointly encodes function-level source code, non-terminal Abstract Syntax Tree AST structure, and code stylometry CStyle features. Prior work in code representation primarily leverages token-level models or full AST...
CVE-2026-5938
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...
CVE-2026-5938 Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...
EUVD-2026-25824
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...