15 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Display template option of the Set field type, where user-supplied input is processed by the $interpolate function and rendered via Vue's v-html directive without proper sanitization. An attacker can...
Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...
GHSA-CH4J-VCF5-58X5 Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...
CVE-2026-23695 Cockpit CMS 2.14.0 Stored XSS via Set Field Display Template
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...
CVE-2026-23695
Cockpit CMS
EUVD-2026-30556
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...
PT-2026-41318
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...
EUVD-2026-29952
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...
CVE-2026-4607 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...
EUVD-2025-24611
Malicious code in bioql PyPI...
CVE-2024-31165
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::SetFieldAction::unpack. This issue affects libfluid: 0.1.0...
libfluid security vulnerability
libfluid is an Open Networking open source application. A security vulnerability exists in libfluid that stems from the fact that the fluidmsg::of13::SetFieldAction::unpack routine contains a null pointer dereference vulnerability caused by an unchecked return value...
PT-2024-40066 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns lists of key/value pairs assigned to OptionsetField or CheckboxSetField that lack a default casting. This can lead to a potential XSS vulnerability when either th...
CVE-2018-14740
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in setfieldone in bootstrap.c while making a query...