
6663 matches found

Snyk
added 2026/04/21 6:31 p.m. | 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the DataTable widget when a query parameter is rendered without proper output escaping. An attacker can execute arbitrary scripts in the context of the user's browser by tricking a user into visiting a craft...

CVSS 3.1 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 2

ATTACKERKB
added 2026/04/21 6:3 p.m. | 1 views

CVE-2026-41456

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

CVSS 5.1 | AI score 5.8 | EPSS 0.00173
Exploits 0 | References 5

OSSF Malicious Packages
added 2026/04/21 11:15 a.m. | 4 views

Malicious code in build-metadata-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 be01b550f3d8914aa6bd8659c9a410054e4e0bf9203d33e93478eb444e957b55 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.9
Exploits 0 | References 1

CNNVD
added 2026/04/21 12:0 a.m. | 5 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware is a suite of middleware products for building and deploying enterprise-class applications, integrations and business processes. A cross-site scripting vulnerability exists in the Dynamic Monitoring Service component of Oracle Fusion Middleware. The vulnerability stems fr...

CVSS 5.4 | AI score 7.1 | EPSS 0.00028
Exploits 0 | References 2

RedhatCVE
added 2026/04/20 7:22 p.m. | 1 views

CVE-2026-40321

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVSS 8 | AI score 5.7 | EPSS 0.00021
Exploits 0 | References 1

CVE
added 2026/04/20 3:18 a.m. | 5 views

CVE-2026-32963

CVE-2026-32963 affects Silex SD-330AC and related AMC Manager devices; connected data indicates a client-side code execution issue (documenting as CVE-2026-32963) tied to BRIDGE:BREAK disclosures. The public write-ups describe exploitation of serial-to-IP converters and indicate that vendors (inc...

CVSS 6.1 | AI score 6.3 | EPSS 0.00035
Exploits 0 | References 3 | Affected Software 1

Packet Storm
added 2026/04/20 12:0 a.m. | 63 views

Remote Sunrise Helper for Windows 2026.14 Remote Code Execution

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated remote code execution vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score 6.5
Exploits 0

Positive Technologies
added 2026/04/20 12:0 a.m. | 2 views

PT-2026-33819

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

CVSS 5.4 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 5

RedhatCVE
added 2026/04/18 7:22 a.m. | 2 views

CVE-2026-40262

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an...

CVSS 8.7 | AI score 5.7 | EPSS 0.00012
Exploits 0 | References 1

Veracode
added 2026/04/18 5:31 a.m. | 10 views

October CMS Has Stored XSS In Event Log Mail Preview

A stored cross-site scripting XSS vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

CVSS 5.4 | AI score 5.7 | EPSS 0.00037
Exploits 0 | Affected Software 1

NVD
added 2026/04/17 10:16 p.m. | 2 views

CVE-2026-40321

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVSS 8 | EPSS 0.00021
Exploits 0 | References 2

EUVD
added 2026/04/17 9:31 p.m. | 1 views

EUVD-2026-23494

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...

CVSS 8.8 | AI score 5.9 | EPSS 0.00029
Exploits 0 | References 4

CNNVD
added 2026/04/17 12:0 a.m. | 5 views

Dell PowerProtect Data Domain Security Vulnerability

The Dell PowerProtect Data Domain is a data protection-specific storage device designed for efficient backup, archiving and disaster recovery. A cross-site scripting vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly handle user input and can...

CVSS 5.9 | AI score 5.7 | EPSS 0.0001
Exploits 0 | References 1

CNNVD
added 2026/04/17 12:0 a.m. | 4 views

Note Mark Security Vulnerability

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.1 contained security vulnerabilities. These vulnerabilities stemmed from the asset delivery handler’s inline handling of uploaded files and its reliance on magic bytes to detect...

CVSS 8.7 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 2

NVD
added 2026/04/16 10:16 a.m. | 1 views

CVE-2024-4867

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

CVSS 5.4 | EPSS 0.00012
Exploits 0 | References 1

Japan Vulnerability Notes
added 2026/04/15 8:21 a.m. | 4 views

GROWI vulnerable to stored cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2026-26291 Norihide Saito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

CVSS 5.4 | AI score 6 | EPSS 0.00037
Exploits 0 | References 5

Cvelist
added 2026/04/15 4:19 a.m. | 22 views

CVE-2026-26291

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

CVSS 5.4 | EPSS 0.00037
Exploits 0 | References 2

OSV
added 2026/04/14 8:2 p.m. | 0 views

GHSA-J4J5-9X6G-RGXC October CMS has Stored XSS in Event Log Mail Preview

A stored cross-site scripting XSS vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

CVSS 5.4 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 3

OSSF Malicious Packages
added 2026/04/14 10:23 a.m. | 2 views

Malicious code in gate-apis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 720c6a00b12826104b04d6b90dc651d5c669532946a36d8c36e3dff5fd5edb6d Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits 0 | References 1

Snyk
added 2026/04/13 7:13 p.m. | 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the user name field. An attacker can execute arbitrary code in the context of any user who passively visits a comment page by injecting malicious scripts. Details Cross-site scripting or XSS is a code...

CVSS 9.3 | AI score 5.7 | EPSS 0.00053
Exploits 0 | References 2