CVE-2021-47910

AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon title' field. Attackers can store XSS payloads like image tags with onerror event handlers that execut...

PT-2026-39505

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery...

GHSA-GQX7-99JW-6FPR LibreNMS affected by reflected xss via email field

Summary reflected xss via email field Details 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input but this payload 3. notice the alert PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact can lead t...

Payload-XSS

Payload-XSS Daftar Isi 1. Payload Dasar 1-20payload-...

XSS-Lab-Handson-3-TI-WEB2

Nama : Ronald Saut Manurung NIM : 2481022 Prodi : Tekni...

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2026-22792

5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...

EUVD-2026-3778

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

PT-2025-52319

Name of the Vulnerable Software and Affected Versions Codigo Markdown Editor version 1.0.1 Description The software contains a code execution issue that permits attackers to execute arbitrary system commands by creating a malicious markdown file. An attacker can embed a video source with an onerr...

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...