Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/20 8:0 a.m.5 views

CVE-2026-6619

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/20 8:0 a.m.10 views

CVE-2026-6619

The CVE affects langgenius dify up to version 1.13.3, specifically the ImagePreview component’s openInNewTab in web/app/components/base/image-uploader/image-preview.tsx. The vulnerability arises from manipulating the filename argument, enabling cross-site scripting. Impact is described as remote ...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/01 3:39 p.m.5 views

Improper Restriction of Rendered UI Layers or Frames

Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the Comments Management function. An attacker can manipulate user interactions by causing links to open in a new tab without proper...

4.8CVSS6.8AI score0.00168EPSS
Exploits1References2
NVD
NVD
added 2025/10/06 7:15 a.m.4 views

CVE-2025-9913

JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking...

6.1CVSS0.00272EPSS
Exploits0References6
Rows per page
Query Builder