2 matches found
NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover
NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...
CVE-2026-22849
Saleor (e-commerce platform) contains a stored XSS vulnerability in rich text fields due to missing backend HTML cleaning prior to versions 3.20.108, 3.21.43, and 3.22.27. The underlying issue is lack of HTML sanitization in rich text content, enabling malicious actors to inject scripts that coul...