4 matches found
CVE-2026-55659
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...
CVE-2026-55659 Grist: XSS through unsafe value interpolation in server-rendered pages
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...
PT-2026-6855
Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...
DCP-Portal 3.7/4.x/5.x Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11339/info DCP-Portal is reported prone to multiple HTML injection vulnerabilities. It is reported that DCP-Portal does not sufficiently filter data submitted via input fields in several scripts. These vulnerabilities may...