4 matches found
CVE-2026-6619
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...
CVE-2026-6619
The CVE affects langgenius dify up to version 1.13.3, specifically the ImagePreview component’s openInNewTab in web/app/components/base/image-uploader/image-preview.tsx. The vulnerability arises from manipulating the filename argument, enabling cross-site scripting. Impact is described as remote ...
Improper Restriction of Rendered UI Layers or Frames
Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the Comments Management function. An attacker can manipulate user interactions by causing links to open in a new tab without proper...
CVE-2025-9913
JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking...