CVE-2026-44541

CVE-2026-44541 affects Fides, an open-source privacy engineering platform. A DOM-based XSS exists in the client-side script fides.js when HTML-formatted descriptions are enabled, reachable from version 2.33.0 up to before 2.84.5. The vulnerability is triggered via the fides_description override, ...

CVE-2026-44541 Fides: DOM-based XSS vulnerability in fides.js via fides_description override

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

CVE-2026-44541 Fides: DOM-based XSS vulnerability in fides.js via fides_description override

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

EUVD-2026-35201

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

TYPO3-CORE-SA-2026-006: TYPO3 HTML Sanitizer allows Cross-Site Scripting

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-006...

TYPO3-CORE-SA-2026-006: TYPO3 HTML Sanitizer allows Cross-Site Scripting

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-006...

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

WordPress MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Faizan Shaik in WordPress Plugin MailerPress versions = 2.0.4...

CVE-2026-47345

The CVE-2026-47345 issue affects the TYPO3 html-sanitizer component prior to version 2.3.2, where namespace attributes are not encoded correctly during HTML serialization, enabling bypass of the built-in XSS prevention. The underlying impact is a cross-site scripting risk in affected TYPO3 deploy...

CVE-2026-47345

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

CVE-2026-47345 TYPO3 HTML Sanitizer allows Cross-Site Scripting

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

CVE-2026-47345 TYPO3 HTML Sanitizer allows Cross-Site Scripting

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

CVE-2026-11534

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

EUVD-2026-35132

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

CVE-2026-11534 imvks786 student_management_system add.php cross site scripting

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

CVE-2026-11534

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

CVE-2026-11534 imvks786 student_management_system add.php cross site scripting

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

CVE-2026-11534

Technical details about this CVE are not publicly available in the provided documents. Monitor for updates.