34 matches found

RedhatCVE
added 2026/06/05 7:33 p.m. | 5 views

CVE-2026-45245

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4 CVSS | 5.4 AI score | 0.00011 EPSS
Exploits: 1 | References: 1

Github Security Blog
added 2026/05/18 9:31 p.m. | 8 views

Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links

Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2026/05/18 9:31 p.m. | 3 views

GHSA-2R69-QGV3-HR65 Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links

Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 1 | References: 7

EUVD
added 2026/05/18 7:0 p.m. | 6 views

EUVD-2026-30795

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/05/18 7:0 p.m. | 27 views

CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4 CVSS | 0.00011 EPSS
Exploits: 1 | References: 4

CVE
added 2026/05/18 7:0 p.m. | 7 views

CVE-2026-45245

CVE-2026-45245 affects the Summarize extension prior to 0.15.1. A vulnerability in the hover summary feature lets malicious pages dispatch synthetic mouseover events on attacker‑controlled links, causing the extension to issue authenticated daemon requests using stored tokens without verifying ev...

7.4 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1509

Malicious code in bioql PyPI...

6.1 CVSS | 6.2 AI score | 0.00345 EPSS
Exploits: 1 | References: 4

OSV
added 2025/10/01 6:30 p.m. | 1 views

GHSA-2C6J-VW6R-MFCH Fiora chat group avatar is vulnerable to XSS via SVG files

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

5.1 CVSS | 7.5 AI score | 0.00037 EPSS
Exploits: 1 | References: 4

wpexploit
added 2024/03/16 12:0 a.m. | 170 views

Inline Related Posts < 3.5.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. Put the following payload in the CSS margin-top settings: 0 em" onmouseover=alert/XSS/// Th...

8.6 AI score | 0.00229 EPSS
Exploits: 2 | References: 1

wpexploit
added 2024/02/13 12:0 a.m. | 133 views

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description: The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...

5.7 AI score | 0.00319 EPSS
Exploits: 2 | References: 1

wpexploit
added 2024/02/13 12:0 a.m. | 126 views

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description: The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...

7.9 AI score | 0.00272 EPSS
Exploits: 2 | References: 1

wpexploit
added 2023/02/02 12:0 a.m. | 531 views

Show-Hide / Collapse-Expand <= 1.2.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4 CVSS | 5.1 AI score | 0.00198 EPSS
Exploits: 2

Huntr
added 2022/11/29 8:3 p.m. | 11 views

XSS on external links

Description: This vulnerability allows an administrator to create an evil external link. Proof of Concept: As an admin user, go to /front/link.form.php?id=1. Create an external link and put as value for the link 'onmouseover="alertdocument.domain". Assign this link to budgets example. As a regular...

1.6 AI score
Exploits: 0

The Hacker News
added 2022/09/28 10:9 a.m. | 291 views

Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware

The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves...

8.8 CVSS | 2.1 AI score | 0.94332 EPSS
Exploits: 38

Veracode
added 2022/03/11 9:44 a.m. | 16 views

Cross-site Scripting (XSS)

org.jeecgframework.boot:jeecg-boot-base-core is vulnerable to cross-site scripting. The vulnerability exists in jeecg-boot/jmreport/view with a mouseover event, allowing an attacker to inject and execute malicious javascript...

6.1 CVSS | 2.9 AI score | 0.00345 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Github Security Blog
added 2022/03/11 12:1 a.m. | 37 views

Cross-site Scripting in jeecg-boot

jeecg-boot is a code generator. A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...

6.1 CVSS | 1.5 AI score | 0.00345 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

OSV
added 2022/03/11 12:1 a.m. | 22 views

GHSA-Q448-6C3M-CXMJ Cross-site Scripting in jeecg-boot

jeecg-boot is a code generator. A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...

6.1 CVSS | 5.9 AI score | 0.00345 EPSS
Exploits: 1 | References: 4

OSV
added 2022/03/10 9:15 p.m. | 14 views

CVE-2021-44585

A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...

6.1 CVSS | 6 AI score
Exploits: 0 | References: 1

Prion
added 2022/03/10 9:15 p.m. | 17 views

Cross site scripting

A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...

4.3 CVSS | 5.9 AI score | 0.00345 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/03/10 8:2 p.m. | 11 views

CVE-2021-44585

A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...

6.1 AI score | 0.00345 EPSS
Exploits: 1 | References: 1