25 matches found
CVE-2026-28436
Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be triggered for other users via website page comments. This issue has been patched in versions 16.11.0 an...
CVE-2026-28436 Frappe: Stored XSS in avatar_macro.html
Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be triggered for other users via website page comments. This issue has been patched in versions 16.11.0 an...
CVE-2021-47892
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...
EUVD-2025-203408
An HTML injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of the addprojectcomment function...
CVE-2025-62246
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...
EUVD-2017-10721
Malware in sbrugna...
EUVD-2008-5766
Malware in sbrugna...
CVE-2022-42000
Cross-site scripting (XSS) vulnerability in the BlueSpiceSocialProfile extension of BlueSpice allows a user with comment permissions to inject arbitrary HTML into the comment section of a wikipage...
YFCMF Cross-Site Scripting Vulnerability
YFCMF is a software application. Provides a lightweight enterprise website management system. A cross-site scripting vulnerability exists in YFCMF version v2.3.1, which originates in the comments section of the news page...
Security Bulletin: IBM Security Privileged Identity Manager is affected by sensitive information in page comments vulnerability (CVE-2017-1705)
Summary: IBM Security Privileged Identity Manager has addressed the following vulnerability. There was left-over sensitive information in page comments. Vulnerability Details: Relevant CVE Information: CVEID: CVE-2017-1705 DESCRIPTION: IBM Security Privileged Identity Manager contains left-over,...
IBM Security Privileged Identity Manager Information Disclosure Vulnerability (CNVD-2018-08470)
IBM Security Privileged Identity Manager (ISPIM) is an identity management product within IBM Identity Governance and Management, an identity governance solution from IBM Corporation, USA, that protects, automates and audits the use of privileged identities,... It is designed to protect, automate a...
CVE-2017-1705
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427...
CVE-2017-1705
CVE-2017-1705 affects IBM Security Privileged Identity Manager (ISPIM) 2.1.0. The issue is sensitive information left in HTML page comments, not visible in the UI but retrievable via page source. Root cause: sensitive data remnants in comments. Impact: potential exposure of privileged context inf...
Stored Cross-Site Scripting Vulnerability in Pivotx
Pivotx is an open source blog content management system. Pivotx 2.3.11 and prior versions have a stored cross-site scripting vulnerability at the home page message comments. A lack of filtering in the lib.php file allows an attacker to inject cross-site statements using only supported tags...
CVE-2008-5795
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (elunapagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SQL injection
SQL injection vulnerability in the eluna Page Comments (elunapagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-5796
SQL injection vulnerability in the eluna Page Comments (elunapagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...