EUVD-2026-26438

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-28686

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-...

EUVD-2020-21612

Malware in sbrugna...

EUVD-2018-11580

Malware in sbrugna...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2025-987464)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987464 advisory. CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitiz...

EUVD-2025-17556

Malicious code in bioql PyPI...

DEBIAN-CVE-2022-50323

In the Linux kernel, the following vulnerability has been resolved: net: do not sense pfmemalloc status in skbappendpagefrags skbappendpagefrags is used by afunix and udp sendpage implementation so far. In commit 326140063946 "tcp: TX zerocopy should not sense pfmemalloc status" we explained why ...

Cross-site Scripting (XSS)

Overview anchorcms/anchor-cms is a lightweight blog CMS for PHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the "page description" field in the page creation interface /admin/pages/add. An attacker can execute arbitrary JavaScript code by injecting...

CVE-2025-46041

A stored cross-site scripting XSS vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...

CVE-2025-46041

A stored cross-site scripting XSS vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...

CVE-2025-46041

Anchor CMS v0.12.7 is affected by CVE-2025-46041: a stored XSS in the page creation interface, exploitable via the description field on /admin/pages/add. An authenticated user (admin/editor) can inject arbitrary JavaScript which is stored and executed when the page is viewed. Affected component/l...

PT-2025-24544 · Unknown · Anchor Cms

Name of the Vulnerable Software and Affected Versions: Anchor CMS version 0.12.7 Description: A stored cross-site scripting XSS issue allows attackers to inject malicious JavaScript via the page description field in the page creation interface, specifically the "/admin/pages/add" API endpoint...

Ghostscript: NPDL device: Compression buffer overflow

A flaw was found in Artifex Ghostscript. The NPDL device has a compression buffer overflow for contrib/japanese/gdevnpdl.c...

CVE-2024-32745

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...

CVE-2020-29233

WonderCMS 3.1.3 is affected by cross-site scripting XSS in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the...

CVE-2024-13080

A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The...

PT-2024-17925 · Unknown · Phpgurukul Land Record System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Land Record System version 1.0 Description: A problem has been found in the code of the file /admin/contactus.php. The manipulation of the Page Description argument leads to cross-site scripting. The attack can be initiated remotel...

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the PAGE DESCRIPTION parameter of the Settings section, and can be exploited...