Hono vulnerable to XSS through ErrorBoundary component

Summary A Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Details The issue is in the...

Cross-site Scripting (XSS)

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ErrorBoundary component of the jsx library, when untrusted user-controlled strings are rendered as raw HTML. An attacker can execute scripts in the victim...

PT-2026-5014

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description A Cross-Site Scripting XSS issue exists in the ErrorBoundary component of the hono/jsx library. Untrusted data from users may be rendered as raw HTML, potentially allowing execution of arbitrary script...

EUVD-2026-3777

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform stored XSS attacks on dashboards and...

CVE-2023-25437

An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML...

Cross-site Scripting (XSS)

Overview Kentico.Xperience.AspNet.Mvc5.Libraries is an assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...

Cross-site Scripting (XSS)

Overview Kentico.Xperience.AspNetCore.WebApp is an assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the CheckBox.cshtml view rendering. An attacker can execute...

Small Language Models for Phishing Website Detection: Cost, Performance, and Privacy Trade-Offs

Phishing websites pose a major cybersecurity threat, exploiting unsuspecting users and causing significant financial and organisational harm. Traditional machine learning approaches for phishing detection often require extensive feature engineering, continuous retraining, and costly infrastructur...

EUVD-2013-2037

Malware in sbrugna...

EUVD-2020-23146

Malware in sbrugna...

EUVD-2020-23149

Malware in sbrugna...

EUVD-2025-30838

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Prompt module when commands return raw HTML. An attacker can execute arbitrary scripts in the context of a user's browser by submitting malicious input that is processed through certain commands. Details...

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Prompt module when commands return raw HTML. An attacker can execute arbitrary scripts in the...

CVE-2025-59545

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

CVE-2025-59545 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

DNN 跨站脚本漏洞

DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in DNN versions prior to...

CVE-2025-59411

CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user...

CVE-2025-53835

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...

CVE-2025-53835 XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...