7 matches found
CVE-2026-1011
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS
Bagisto is an open source Laravel eCommerce platform. A stored cross-site scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...
EUVD-2022-34531
Malicious code in bioql PyPI...
EUVD-2021-9787
Malicious code in bioql PyPI...
CVE-2023-41710
User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to the DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this...
Zyxel NBG-418N v2 Cross-Site Scripting Vulnerability
The Zyxel NBG-418N v2 is a wireless router from China Hopkins Zyxel. A security vulnerability exists in the Zyxel NBG-418N v2 firmware version prior to V1.00. An attacker has exploited the vulnerability to store malicious scripts using web management interface parameters, which could lead to a...
CVE-2022-2254 Distributed Data Systems WebHMI Cross-site Scripting
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged-in users...