6648 matches found

Positive Technologies
added 2026/03/06 12:00 a.m., 6 views

PT-2026-23727

Kestra is an event-driven orchestration platform. In versions 1.1.10 and prior, Kestra's execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated with html:true and injects the resulting HTML with Vue's v-html without sanitisation. At time of publication, there a...

CVSS 7.3, AI score 5.8, EPSS 0.00232
Exploits: 1, References: 3
CNNVD
added 2026/03/06 12:00 a.m., 4 views

LangBot cross-site scripting vulnerability

LangBot is an open-source development platform for large-scale instant messaging robots created by LangBot. Versions of LangBot prior to 4.8.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of rehypeRaw to render the original HTML provided by users, which...

CVSS 6.3, AI score 5.6, EPSS 0.00187
Exploits: 1, References: 3
Snyk
added 2026/03/05 9:13 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsafe template rendering that combines user input with permissive sanitizer handling of data URLs in the display of author and committer names. An attacker can execute arbitrary JavaScript in the context of...

CVSS 6.9, AI score 5.8, EPSS 0.00189
Exploits: 0, References: 2
OSV
added 2026/03/05 7:48 p.m., 2 views

GHSA-VGVF-M4FW-938J Gogs: Stored XSS in branch and wiki views through author and committer names

Summary: Stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. Details: safe still turns off escaping, in internal/template/template.go: func safe(raw string) template.HTML { return template.HTML(raw) }. Branch pages...

CVSS 6.9, AI score 6.1, EPSS 0.00189
Exploits: 0, References: 6
NVD
added 2026/03/05 7:16 p.m., 6 views

CVE-2026-26195

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. This issue has been patched in version 0.14.2...

CVSS 6.9, EPSS 0.00189
Exploits: 0, References: 4
CVE
added 2026/03/05 6:40 p.m., 13 views

CVE-2026-26195

Gogs prior to v0.14.2 is affected by a stored XSS due to unsafe template rendering that mixes user input with a permissive sanitizer for data URLs. The issue enables stored cross-site scripting via data URLs and has been patched in v0.14.2. CVSS v4.0 base metrics indicate a MEDIUM severity (6.9) ...

CVSS 6.9, AI score 5.8, EPSS 0.00189
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2026/03/05 12:00 a.m., 3 views

Wagtail cross-site scripting vulnerability

Wagtail is an open-source content management system (CMS) developed by Wagtail. Versions of Wagtail prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the rendering of TableBlock blocks in StreamField, which allowed for stored cross-sit...

CVSS 6.1, AI score 5.9, EPSS 0.00418
Exploits: 0, References: 9
CNNVD
added 2026/03/05 12:00 a.m., 5 views

MarkUs cross-site scripting vulnerability

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.1 had a cross-site scripting vulnerability, which stemmed from failing to properly sanitize the content of student submissions when reading and rendering them...

CVSS 8, AI score 5.6, EPSS 0.00223
Exploits: 0, References: 3
CNNVD
added 2026/03/05 12:00 a.m., 4 views

Gogs (Go Git Service) cross-site scripting vulnerability

Gogs (Go Git Service) is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2, Gogs had a cross-site scripting vulnerability. This...

CVSS 6.9, AI score 7.1, EPSS 0.00189
Exploits: 0, References: 4
Positive Technologies
added 2026/03/05 12:00 a.m., 8 views

PT-2026-23486

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.14.2. Description: Gogs, a self-hosted Git service, contains a stored cross-site scripting (XSS) issue due to unsafe template rendering. The issue arises from mixing user input with permissive sanitizer handling of data UR...

CVSS 9.9, AI score 7.2, EPSS 0.22162
Exploits: 68, References: 136
RedhatCVE
added 2026/03/04 1:56 a.m., 4 views

CVE-2026-28357

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...

CVSS 5.4, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 1
NVD
added 2026/03/03 11:15 p.m., 4 views

CVE-2026-26266

AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...

CVSS 9.3, EPSS 0.00239
Exploits: 0, References: 3
Vulnrichment
added 2026/03/03 10:16 p.m., 5 views

CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering

AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...

CVSS 9.3, AI score 5.8, EPSS 0.00239
Exploits: 0, References: 3
Cvelist
added 2026/03/03 10:16 p.m., 21 views

CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering

AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...

CVSS 9.3, EPSS 0.00239
Exploits: 0, References: 3
CVE
added 2026/03/03 10:16 p.m., 14 views

CVE-2026-26266

AliasVault Web Client versions ≤ 0.25.3 are affected by a stored XSS in the email rendering feature. HTML content of emails viewed in an alias is rendered in an iframe via srcdoc, which lacks origin isolation, allowing a crafted email containing JavaScript to execute in the application's origin w...

CVSS 9.3, AI score 5.8, EPSS 0.00239
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/03/03 10:16 p.m., 2 views

CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering

AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...

CVSS 9.3, AI score 5.8, EPSS 0.00239
Exploits: 0, References: 5
OSV
added 2026/03/03 10:09 p.m., 4 views

GHSA-R294-2894-92J3 OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering

Summary: The exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata fields. Impact: Opening a crafted exported HTML session could execute attacker-controlled JavaScript in the viewer context. This can expose session...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 3
Github Security Blog
added 2026/03/03 8:59 p.m., 6 views

NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells

Summary: Rich text cell content was rendered via v-html without sanitization, enabling stored XSS. Details: Rich text in TextArea.vue was parsed by markdown-it with html: true and injected via v-html without DOMPurify. A user with the Editor role can inject arbitrary HTML that executes for all viewers...

CVSS 5.4, AI score 6, EPSS 0.00179
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2026/03/03 8:59 p.m., 8 views

NocoDB Vulnerable to Stored Cross-site Scripting via Comments

Summary: Comments were rendered via v-html without sanitization, enabling stored XSS. Details: Comments in Comments.vue were parsed by markdown-it with html: true and injected via v-html without DOMPurify. A user with the Commenter role can inject arbitrary HTML that executes for all viewers. Impact: Stored...

CVSS 5.4, AI score 6, EPSS 0.00179
Exploits: 0, References: 4, Affected Software: 1