12 matches found
GHSA-F5P7-2C9Q-8896 phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTER_SANITIZE_SPECIAL_CHARS which HTML-encodes input, then immediately call html_entity_decode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes — not tags. This allows , , , and tags to...
Cross-site Scripting (XSS)
Overview @marko/runtime-tags is an optimized runtime for Marko templates. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of interpolated values within or tags due to improper case-insensitive detection of closing tags. An attacker can execute arbitrar...
PT-2026-3102
An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...
WordPress Taeggie Feed Cross-Site Scripting Vulnerability
WordPress Taeggie Feed is a plugin on WordPress that is mainly used to integrate social media content into a website, supporting dynamic syndication on platforms like Facebook, Instagram, Twitter and LinkedIn. WordPress Taeggie Feed suffers from a cross-site scripting vulnerability that originate...
WordPress plugin Taeggie Feed Cross-Site Scripting Vulnerability
WordPress Taeggie Feed is a plugin on WordPress that is mainly used to integrate social media content into a website, supporting dynamic syndication on platforms like Facebook, Instagram, Twitter and LinkedIn. WordPress Taeggie Feed suffers from a cross-site scripting vulnerability that originate...
CVE-2022-38771
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
CVE-2022-38771
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
Transtek Mojodat FAM SQL Injection Vulnerability
Transtek Mojodat FAM is a Fixed Asset Management software from Transtek Lebanon. A security vulnerability exists in Transtek Mojodat FAM Fixed Asset Management version 2.4.6, which stems from a vulnerability that allows remote attackers to send SCRIPT tags as injected input to API requests...
CVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code...
CVE-2020-8966
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PHP webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page...
openSUSE 10 Security Update : qt (qt-3050)
qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).
openSUSE 10 Security Update : libqt4 (libqt4-3056)
qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).