PT-2026-41363

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html...

CVE-2026-45148

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering

Summary The search result rendering template search.twig outputs FAQ content fields result.question and result.answerPreview using Twig's | raw filter, which completely disables the template engine's built-in auto-escaping. A user with FAQ editor/contributor privileges can store a payload encoded...

Cross-site Scripting (XSS)

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search.twig template and the process that decodes and renders user-supplied content without proper sanitization. An...

PT-2024-11775 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.1.1 Description: An issue was discovered in the search template of Logpoint, where template injection was seen. The search template uses jinja templating for generating dynamic data, which could be abused to achie...

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.1.1, which stems from a template injection vulnerability in the search template function...

Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting XSS Exploit Author: CAPTAINHOOK Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0...

Vulnerability in Search Template Leads to Reflected XSS JIRA Software Server - CVE-2021-26078

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the number range searcher component which allows remote attackers to inject arbitrary HTML or JavaScript. Affected versions: versions 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

Vulnerability in Search Template Leads to Reflected XSS JIRA Software Server - CVE-2021-26078

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the number range searcher component which allows remote attackers to inject arbitrary HTML or JavaScript. Affected versions: versions 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

CVE-2008-1953

Cross-site scripting XSS vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...