23 matches found
CVE-2025-66310
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...
EUVD-2025-200100
Grav vulnerable to Stored Cross-Site Scripting (XSS): endpoint /admin/pages/page, parameter dataheadertemplate in Advanced Tab...
CVE-2023-49565 Remote Code Execution
The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...
Nokia CloudBand Infrastructure Software and Nokia Container Service security vulnerability
Nokia CloudBand Infrastructure Software and Nokia Container Service are both products of the Finnish company Nokia. Nokia CloudBand Infrastructure Software is a platform that supports the virtualization of network functions. Nokia Container Service is a container management service. A security...
Vulnerability of components in page.h and init.c of the Linux operating system’s kernel, which allows a hacker to cause a service failure
The vulnerability of the page.h and init.c components in the Linux operating system’s kernel is related to memory initialization errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
XWiki Platform security vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, which stems from a REST API-accessible page header that could le...
The vulnerability of the virt_addr_valid() function in the arch/powerpc/include/asm/page.h module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the virt_addr_valid() function in the arch/powerpc/include/asm/page.h module of the Linux operating system is related to incorrect error handling. Exploiting this vulnerability could allow an attacker to cause a service failure...
GHSA-HWCP-2H35-P66W PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header. Product: Phpspreadsheet. Version: version 3.6.0. CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS...
CVE-2024-56411
CVE-2024-56411 concerns PhpSpreadsheet: an XSS vulnerability in the hyperlink base used when generating HTML headers via PhpOffice\PhpSpreadsheet\Writer\Html. The issue arises because the HTML page header is built without sanitizing the hyperlink base, potentially allowing malicious payloads when...
CVE-2024-56411 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...
CVE-2023-36666
INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab DAST analyzer version 2.0 up to and...
Cross site scripting
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows a logged-in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage...
BlueSpice cross-site scripting vulnerability
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A cross-site scripting (XSS) vulnerability exists in BlueSpice versions prior to 4.2.1 that allows a logged-in user with editing privileges to inject arbitrary HTML...
PT-2022-26074 · Bluespice · Bluespice
Name of the Vulnerable Software and Affected Versions: BlueSpice (affected versions not specified). Description: The issue allows a logged-in user with edit permissions to inject arbitrary HTML into the default page header of a wiki page due to a Cross-site Scripting (XSS) vulnerability in the...
Malicious code in idcs-page-header (npm)
Source: ghsa-malware (c1d8172ca3493517464b2899e39d788b122bc179a303d4f0113cba3a0e418faf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3765 Malicious code in idcs-page-header (npm)
Source: ghsa-malware (c1d8172ca3493517464b2899e39d788b122bc179a303d4f0113cba3a0e418faf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-C2H6-7GM8-CV4W XSS in MITREid Connect
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript...