Lucene search

6 matches found

Positive Technologies
added 2026/03/27 12:0 a.m., 1 views

PT-2026-28581

Name of the Vulnerable Software and Affected Versions: Express XSS Sanitizer versions prior to 2.0.2; Express XSS Sanitizer versions 4.x and 5.x. Description: Express XSS Sanitizer, middleware for Express 4.x and 5.x, sanitizes user input data in req.body, req.query, req.headers, and req.params to...

8.2 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-42515

Malicious code in bioql PyPI...

6.1 CVSS, 6.3 AI score, 0.00162 EPSS
Exploits: 1, References: 2

Veracode
added 2024/12/12 11:7 a.m., 8 views

Cross Site Scripting

rails-html-sanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to a flaw in the sanitization logic, allowing crafted malicious payloads to be treated as safe. Attackers can use this to include dangerous HTML or scripts in sanitized content, potentially resulting in Cross-Sit...

6.1 CVSS, 6.3 AI score, 0.01968 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/09/30 3:17 p.m., 8 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF files. An open redirect vulnerability allows phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to lac...

5.4 CVSS, 6.3 AI score, 0.00162 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2023/04/17 3:32 p.m., 38 views

CVE-2023-29199

A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections which can lead to remote code execution on the hypervisor host or the host which is...

9.8 CVSS, 9.3 AI score, 0.24972 EPSS
Exploits: 1, References: 4

Veracode
added 2021/01/08 3:49 a.m., 11 views

Cross-site Scripting (XSS)

tinymce is vulnerable to cross-site scripting (XSS). The vulnerability exists through the URL sanitization logic of the SaxParser...

2.1 AI score
Exploits: 0