19 matches found
CVE-2026-41318
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...
CVE-2026-5361
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...
PT-2026-41171
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.3. Description: Open WebUI renders user-uploaded Office files, such as Excel and DOCX, as HTML using the @html directive without applying DOMPurify sanitization. This lack of sanitization allows for Stored...
GHSA-M7R8-6Q9J-M2HC WWBN AVideo has an incomplete fix for CVE-2026-33500: XSS
Summary: The incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization. Affected Package: Ecosystem: Other; Package: AVideo; Affected...
PT-2026-31649
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directus revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
EUVD-2026-14173
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2026-27627 Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS
Karakeep is a self-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
CVE-2025-14855 SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting
The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Summary: Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. Details: DNN validates the contents of SVGs to ensure they are valid and do not contain any malicious code. These checks were introduced as part of CVE-2025-48378. However, the checks to ensure...
CVE-2019-25225
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
CVE-2024-13382
The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
DRUPAL-CONTRIB-2025-024
This module adds a formatter for link fields that displays the current entity with another view mode inside the link. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal core has been released bu...
The vulnerability of the ate_iwpriv_set() and ate_ifconfig_set() functions (/goform/ate) in the Tenda AC1206 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability in the ate_iwpriv_set() and ate_ifconfig_set() functions (/goform/ate) of the Tenda AC1206 router firmware stems from insufficient sanitization of data received at the management interface. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Cross-site Scripting (XSS)
Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to missing sanitization of autolinks. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...
PT-2024-24136 · WordPress · Post Blocks +5
Name of the Vulnerable Software and Affected Versions: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 Description: The issue is related to Stored Cross-Site Scripting due to insufficient...
The vulnerability in the UPnP service of the NETGEAR RAX30 router firmware allows an attacker to execute arbitrary code.
The vulnerability in the NETGEAR RAX30 router firmware stems from insufficient sanitization of data received at the management interface. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the hashFirst() function of the GoAhead embedded web server used in Robustel R1510 VPN routers allows an attacker to cause a denial of service.
The vulnerability in the hashFirst() function of the GoAhead embedded web server in Robustel R1510 VPN router firmware stems from insufficient sanitization of input data. Exploiting this vulnerability could allow a malicious actor to trigger a denial of service by sending a specially...
The vulnerability of NETGEAR’s integrated routing software, including models like RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from the lack of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR’s integrated routing software, including models like RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the Tivoli Storage Manager FastBack data management software allows an attacker to execute arbitrary code.
The vulnerability in the Tivoli Storage Manager FastBack data management software stems from insufficient sanitization of incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...