556 matches found

EUVD
added 2026/03/06 6:59 a.m. | 6 views

EUVD-2026-10014

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...

CVSS 6.9 | AI score 5.6 | EPSS 0.00193
Exploits: 0 | References: 4

CNNVD
added 2026/03/06 12:0 a.m. | 4 views

HumHub Cross-Site Scripting Vulnerability

HumHub is an open-source social networking software developed using the Yii PHP framework. Version HumHub 1.18.0 contains a cross-site scripting vulnerability. This vulnerability stems from inconsistent output encoding in the Button component, which may allow malicious scripts to be injected and...

CVSS 6.9 | AI score 5.6 | EPSS 0.00193
Exploits: 0 | References: 5

Snyk
added 2026/03/03 9:37 p.m. | 2 views

Improper Encoding or Escaping of Output

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the script generation process in Windows deployments due to improper handling of command-line arguments in gateway.cmd. An attacker can execute...

CVSS 8.5 | AI score 6 | EPSS 0.00571
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/26 4:15 a.m. | 3 views

CVE-2026-27746

The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the prepropre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...

CVSS 6.1 | AI score 5.2 | EPSS 0.00201
Exploits: 0 | References: 1

Snyk
added 2026/02/25 7:29 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of user-controlled input in the identity name field without proper output encoding. An attacker can execute arbitrary JavaScript in the context of the WebUI by storing malicious scripts in the...

CVSS 8.2 | AI score 5.9 | EPSS 0.00287
Exploits: 1 | References: 2

Snyk
added 2026/02/25 7:29 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of RSE metadata in the WebUI. An attacker can execute arbitrary JavaScript in the users' context by injecting malicious scripts into the City, CountryName, or ISP fields, which are then stored...

CVSS 8.2 | AI score 5.9 | EPSS 0.00287
Exploits: 1 | References: 2

Snyk
added 2026/02/25 7:12 p.m. | 4 views

Improper Encoding or Escaping of Output

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 6.9 | AI score 6.2
Exploits: 0 | References: 3

Snyk
added 2026/02/25 7:12 p.m. | 3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the internal SVG decoder process. An attacker can execute arbitrary MVG drawing commands by crafting a malicious SVG file that is processed by the application. Remediation A fix was pushed int...

CVSS 6.9 | AI score 6.2
Exploits: 0 | References: 3

CVE
added 2026/02/23 9:58 p.m. | 8 views

CVE-2026-27742

Bludit

CVSS 5.4 | AI score 5.3 | EPSS 0.00139
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2026/02/19 7:32 p.m. | 2 views

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the addJS method. An attacker can inject arbitrary PDF objects and execute malicious actions or alter the document structure by supplying...

CVSS 8.8 | AI score 6 | EPSS 0.00633
Exploits: 2 | References: 3

NVD
added 2026/02/18 2:16 p.m. | 4 views

CVE-2026-1438

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 6.1 | EPSS 0.00178
Exploits: 0 | References: 1

OSV
added 2026/02/18 2:16 p.m. | 2 views

CVE-2026-1441

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 1

Cvelist
added 2026/02/18 1:13 p.m. | 18 views

CVE-2026-1438 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 5.3 | EPSS 0.00178
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/18 12:0 a.m. | 2 views

PT-2026-20393

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 5.3 | AI score 6.1 | EPSS 0.00204
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/18 12:0 a.m. | 3 views

PT-2026-20395

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 5.3 | AI score 6.1 | EPSS 0.00178
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/18 12:0 a.m. | 4 views

PT-2026-20396

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 5.3 | AI score 6.1 | EPSS 0.00189
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/17 12:0 a.m. | 6 views

PT-2026-20268

Name of the Vulnerable Software and Affected Versions: lty628 aidigu version 1.9.1. Description: The software is susceptible to a Cross Site Scripting (XSS) issue. This affects the /tools/Password/add page, specifically within the password input field. Successful exploitation could allow an attacker t...

CVSS 7.1 | AI score 5.3 | EPSS 0.00152
Exploits: 0 | References: 7

RedhatCVE
added 2026/02/04 7:27 p.m. | 3 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

CVSS 6.1 | AI score 5.6 | EPSS 0.00188
Exploits: 0 | References: 1

NVD
added 2026/02/03 7:16 p.m. | 7 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

CVSS 6.1 | EPSS 0.00188
Exploits: 0 | References: 2

CVE
added 2026/02/03 7:9 p.m. | 9 views

CVE-2026-24426

The CVE-2026-24426 issue affects Shenzhen Tenda AC7 firmware prior to V03.03.03.01_cn, where an improper output encoding in the web management interface reflects user input in HTTP responses. This reflected XSS risk could allow injection of arbitrary HTML/JavaScript into a victim’s browser contex...

CVSS 6.1 | AI score 5.5 | EPSS 0.00188
Exploits: 0 | References: 2 | Affected Software: 1