
24 matches found

EUVD
added yesterday, 5 views

EUVD-2026-38803

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

CVSS: 4.8, AI score: 5.8
Exploits: 0, References: 3
NVD
added yesterday, 6 views

CVE-2026-50708

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

CVSS: 4.8
Exploits: 0, References: 2
Cvelist
added yesterday, 19 views

CVE-2026-50708 Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

CVSS: 4.8
Exploits: 0, References: 2
CVE
added yesterday, 8 views

CVE-2026-50708

CVE-2026-50708 affects Frappe Framework 17.0.0-dev, with a Stored XSS in the MultiSelectDialog component caused by improper neutralization of user-controlled input. The CVSS v4.0 base score is 4.8 (Medium), with network attack vector, low privileges required, and user interaction required. The im...

CVSS: 4.8, AI score: 5.8
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:07 p.m., 17 views

EUVD-2022-1972

Malicious code in bioql (PyPI)...

CVSS: 6.1, AI score: 6.5, EPSS: 0.01104
Exploits: 0, References: 11
Tenable Nessus
added 2025/08/12 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-25815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...

CVSS: 6.1, AI score: 6.9, EPSS: 0.01104
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/08 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-3469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is...

AI score: 6.1, EPSS: 0.00341
Exploits: 0, References: 2
OSV
added 2025/04/10 7:16 p.m., 1 view

DEBIAN-CVE-2025-3469

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...

AI score: 5.2, EPSS: 0.00341
Exploits: 0, References: 1
OSV
added 2025/04/10 7:16 p.m., 1 view

UBUNTU-CVE-2025-3469

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...

AI score: 5.8, EPSS: 0.00341
Exploits: 0, References: 3
OSV
added 2024/03/06 11:13 a.m., 19 views

BIT-MEDIAWIKI-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

CVSS: 6.1, AI score: 6.6, EPSS: 0.01104
Exploits: 0, References: 5
BDU FSTEC
added 2022/12/30 12:00 a.m., 5 views

The vulnerability of the isteven-multi-select component of the Portainer management platform allows attackers to perform cross-site scripting attacks.

The vulnerability of the isteven-multi-select component of the Portainer container management platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00521
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2022/08/30 4:01 a.m., 30 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-site Scripting (XSS). The use of the v-html tag in MultiselectInput.vue allows an attacker to inject and execute malicious JavaScript through the dynamic options in the multi-select field...

CVSS: 5.9, AI score: 5.5, EPSS: 0.00669
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2022/06/20 8:12 p.m., 6 views

MAL-2022-7311 Malicious code in yahoo-react-multi-select-box (npm)

Source: ghsa-malware (59b42c16c52333b42adb394c8784f37abd19319bd11704e6381f6c1af61d4d1c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
Github Security Blog
added 2022/05/24 5:29 p.m., 22 views

MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

CVSS: 6.1, AI score: 6.3, EPSS: 0.01104
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2022/05/24 5:29 p.m., 2 views

GHSA-2F58-VF6G-6P8X MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

CVSS: 6.1, AI score: 6.4, EPSS: 0.01104
Exploits: 0, References: 8
Microsoft CVE
added 2021/02/11 12:00 a.m., 2 views

In SQLite before 3.32.3 select.c mishandles query-flattener optimization leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

...

CVSS: 5.5, AI score: 7, EPSS: 0.01027
Exploits: 1
NVD
added 2020/09/27 9:15 p.m., 14 views

CVE-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

CVSS: 6.1, EPSS: 0.01104
Exploits: 0, References: 4
OSV
added 2020/09/27 9:15 p.m., 3 views

DEBIAN-CVE-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

CVSS: 6.1, AI score: 7, EPSS: 0.01104
Exploits: 0, References: 1
OSV
added 2020/09/27 9:15 p.m., 1 view

UBUNTU-CVE-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

CVSS: 6.1, AI score: 6.9, EPSS: 0.01104
Exploits: 0, References: 7
CVE
added 2020/09/27 8:27 p.m., 88 views

CVE-2020-25815

The CVE-2020-25815 issue affects MediaWiki 1.32.x–1.34.x prior to 1.34.4. The root cause is LogEventList::getFiltersDesc constructing HTML multi-select option names by using message text (text()) instead of the correct escaping method (escaped()). This insecure handling can expose UI strings and ...

CVSS: 6.1, AI score: 6.6, EPSS: 0.01104
Exploits: 0, References: 4, Affected Software: 1