6 matches found
PT-2026-26438
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...
CVE-2026-29183
SiYuan Note/CMS exposes an unauthenticated reflected XSS via GET /api/icon/getDynamicIcon with type=8, where attacker-controlled content is inserted into SVG output without escaping. Prior to 3.5.9, this allowed injection of executable JavaScript in the SiYuan web origin, potentially enabling act...
PT-2026-21530
Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description: The administrative interface of the software lacks the X-Content-Type-Options: nosniff header in responses and includes attacker-influenced content that can be...
Oracle GlassFish Server Cross-Site Scripting Vulnerability
Oracle GlassFish Server is an application from Oracle Corporation. Oracle GlassFish Server is built using the GlassFish Server Open Source Edition to provide a flexible, lightweight, and production-ready Java EE 6 application server. Oracle GlassFish Server suffers from a cross-site scripting...
PT-2021-20055 · Oracle · Oracle Glassfish Server
Name of the Vulnerable Software and Affected Versions: Oracle GlassFish Server versions 3.1.2.18 and below Description: The issue allows a malicious user to cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the...
Cross-site Scripting (XSS)
Overview: iobroker.web is a web server based on Node.js and Express that reads files from the ioBroker DB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Characters in the GET URL path are not properly escaped and can be reflected in the server response. Details...