EUVD-2026-26959

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

CVE-2023-26448

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...

Code injection

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...

CVE-2021-4038

Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in a...

Remote code execution

A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability"...

Microsoft Lync Server Information Disclosure (MS14-032; CVE-2014-1823)

An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. The vulnerability is caused when Lync Server does not properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially...