222110 matches found
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...
UBUNTU-CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...
CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS 147.2.1...
CVE-2026-2032
CVE-2026-2032 details (Firefox for iOS): Malicious scripts can interrupt the loading of a new tab page, causing desynchronization between the address bar and page content and enabling spoofing of arbitrary HTML under a trusted domain. Affected product: Firefox for iOS versions older than 147.2.1....
CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...
pretix-tracking-scripts (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-2415 via pretix (=2024.11.0)
pretix PYPI version =2024.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on pretix and may be impacted: - pretix-tracking-scripts =1.0.0, =1.0.1 Source cves: CVE-2026-2415 Source advisory: OSV:GHSA-R8P8-QW9W-J9QV...
CVE-2025-59903
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...
CVE-2025-59903 Stored Cross-Site Scripting (XSS) in Kubysoft
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...
CVE-2025-59905
Cross-Site Scripting XSS vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the...
PT-2026-8326
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...
CVE-2019-25371
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
EUVD-2019-19426
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
Deciso OPNsense 跨站脚本漏洞
Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from the tunable parameter in the systemadvancedsysctl.php endpoint,...
CVE-2026-1754 personal-authors-category <= 0.3 - Reflected Cross-Site Scripting
The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Fedora 43 : linux-sgx (2026-a84e0ad039)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a84e0ad039 advisory. Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override...
PT-2026-8051
The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accordion' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2026-7996
A cross-site scripting XSS vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter...
CVE-2025-70094
A cross-site scripting XSS vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter...
CVE-2025-70091
A cross-site scripting XSS vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter...