GHSA-GQR2-7HCG-RCHF CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule

Summary The Pages backend module registers the htmlpurify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule

Summary The Pages backend module registers the htmlpurify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

GHSA-2M69-JMVH-6CHR CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule

Summary The custom htmlpurify validation rule used to sanitize blog post bodies relies on by-reference mutation ?string &$str, but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData'content' directly into...

PT-2026-41770

Summary The Pages backend module registers the html purify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

CVE-2026-44568 Open WebUI: Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overlay Content" using marked.parse inside @html with an incorrect DOMPurify application order. An admi...

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the XLSX.utils.sheettohtml function, which was rendered using @html excelHtml without...

EUVD-2026-20485

CI4MS has stored XSS in Pages Content Due to Missing htmlpurify Sanitization...

CVE-2026-39392

CI4MS is a CodeIgniter 4-based CMS skeleton. Prior to 0.31.4.0, the Pages module does not apply html_purify to content on create/update, so page content is stored unsanitized and rendered as raw HTML on the public frontend. An authenticated admin with page-editing privileges can inject arbitrary ...

CVE-2026-33628

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

CVE-2026-33742

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

CVE-2026-33628

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

CVE-2026-33742

Invoice Ninja (Laravel-based) v5.13.0 contains a stored XSS flaw in product notes through Markdown rendering, where raw HTML output was not sanitized before being embedded in invoice templates. The issue is explicitly fixed in v5.13.4 by applying purify::clean() to Markdown output. The vulnerabil...

CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

EUVD-2026-16418

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

CVE-2026-33628

Invoice Ninja (versions 5.13.0–5.13.3) is vulnerable to stored XSS via invoice line item descriptions rendered in PDF previews and client portals because the line item description field was not passed through purify::clean() before rendering. The root cause is the missing sanitization in the rend...

CVE-2026-33628

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...

Malicious Package

Overview eslint-plugin-react-purify is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...