61 matches found
CVE-2026-49276 Kirby: Self cross-site scripting (self-XSS) in the writer field
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and...
PT-2026-50721
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites using the writer field in any blueprint are susceptible to cross-site scripting XSS. The link and email marks within the writer components fail to prevent the...
PYSEC-2026-105
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2026-7015 MaxSite CMS Guestbook Plugin cross site scripting
A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...
CVE-2026-28355
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2026-28355
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
Self Cross-Site Scripting (Self-XSS)
privatebin/privatebin is vulnerable to self cross-site scripting Self-XSS. The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...
privatebin XSS
privatebin reports: Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session self-XSS. This allows an attacker who can entice a victi...
EUVD-2018-20684
Malware in sbrugna...
EUVD-2020-29160
Malware in sbrugna...
EUVD-2017-16814
Malware in sbrugna...
EUVD-2021-31050
Malicious code in bioql PyPI...
EUVD-2025-9623
Malicious code in bioql PyPI...
EUVD-2025-22334
Malicious code in bioql PyPI...
EUVD-2022-51987
Malicious code in bioql PyPI...
EUVD-2023-52725
Malicious code in bioql PyPI...
CVE-2025-51863
Self Cross Site Scripting XSS vulnerability in ChatGPT Unli ChatGPTUnli.com thru 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file to the chat interface...