Lucene search
+L

6 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-301 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Summary An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details When Pygments returns more lines than it was given a known upstream quirk...

9.3CVSS6AI score0.00286EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/05 9:43 p.m.14 views

EUVD-2026-31861

Bugsink: Issue event views can show an event from another project if its UUID is known...

3.1CVSS5.4AI score0.00154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.8 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References1
NVD
NVD
added 2026/02/25 3:16 a.m.17 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS0.00286EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:31 a.m.5 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.14 views

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

9.3CVSS6AI score0.00286EPSS
Exploits1References16
Rows per page
Query Builder