3392 matches found
CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
CVE-2026-29038
CVE-2026-29038 affects changedetection.io before version 0.54.4. The vulnerability is a reflected XSS in the /rss/tag/ endpoint where the URL path parameter tag_uuid is reflected in the HTTP response body without HTML escaping. Flask returns text/html by default for plain strings, enabling the br...
Cross-site Scripting (XSS)
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting XSS via the taguuid parameter in the /rss/tag/ endpoint, which is reflected in the HTTP response without proper escaping. An attacker can execu...
changedetection.io has Reflected XSS in its RSS Tag Error Response
A reflected cross-site scripting XSS vulnerability was identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser...
CVE-2026-28559
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...
CVE-2026-28559
wpForo Forum 2.4.14 has an information disclosure flaw in the global RSS feed endpoint that allows unauthenticated access to private and unapproved topics. Requesting the RSS feed without a forum ID bypasses privacy and status filters that are applied when a specific forum ID is present, exposing...
CVE-2026-28559 wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...
CVE-2026-27645
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...
Cross-site Scripting (XSS)
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rss/ endpoint, where the UUID path parameter is reflected in the HTTP response body without proper HTML escaping. An attacker can...
CVE-2026-27645
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...
CVE-2026-27645
CVE-2026-27645 : In affected changedetection.io versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Because Flask returns text/html by default for plain string responses, the browser may parse and execu...
CVE-2026-27645
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...
CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...
CVE-2025-60183
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...
CVE-2025-60183 WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...
CVE-2025-60183 WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...
CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...