CVE-2026-47348

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated...

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

CVE-2026-47348

CVE-2026-47348 describes a Cross-Site Scripting vulnerability in TYPO3 CMS where editors could insert HTML into page titles stored in the search index; when rendered in frontend search results via the Indexed Search plugin, the titles were not properly output-encoded. Affected: TYPO3 CMS versions...

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the notification emails. An attacker can inject arbitrary HTML content into emails sent to other users by submitting specially crafted input. Details Cross-site scripting or XSS is a code vulnerability that...

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

CVE-2026-41031

CVE-2026-41031 describes a Stored Cross-Site Scripting vulnerability in Vinna Process Monitor 4.0 SP1 (Build 63255) . An authenticated, low-privilege attacker can inject malicious JavaScript to access tokens and session credentials. Public metadata lists CVSS v3.1 base score 8.7 (HIGH) with netwo...

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.15 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by darkmode in WordPress Plugin Ad Inserter versions = 2.8.15...

WordPress Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by PeterPatter - - in WordPress Plugin Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More versions = 1.0.15...

WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin All In One WP Security & Firewall versions = 5.4.7...

CVE-2026-8599

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

CVE-2026-8677

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2026-25688

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...

CVE-2026-41724

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

CVE-2026-41722

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

CVE-2026-41723

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...