5 matches found
PT-2026-50814
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...
repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard
Impact The RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo prop during the loading state without any sanitization. If a developer using this package passe...
GHSA-FM8C-6M29-RP6J repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard
Impact The RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo prop during the loading state without any sanitization. If a developer using this package passe...
CVE-2026-27612
CVE-2026-27612 concerns the Repostat React component before version 1.0.1, where the repo prop is rendered with dangerouslySetInnerHTML during loading, allowing reflected XSS if unvalidated input is provided. The issue is fixed in 1.0.1 by switching to safe JSX data binding. The CVSSv3.1 base sco...
Cross-site Scripting (XSS)
Overview symfony/ux-twig-component is a Twig components for Symfony Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ComponentAttributes class. An attacker can manipulate HTML attribute outputs and potentially execute scripts in the context of the affected web...