Lucene search
+L

30 matches found

NVD
NVD
added 2026/07/01 4:16 p.m.10 views

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS0.00663EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 2:38 p.m.35 views

CVE-2025-15646

HTML::Gumbo for Perl before 0.19 is vulnerable to heap memory disclosure via type confusion when parsing documents containing a element. The issue arises because libgumbo’s walk_tree was not updated to support , causing the element to be treated as a text node and enabling strlen() over-read of ...

9.8CVSS5.8AI score0.00663EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 2:38 p.m.4 views

CVE-2025-15646 HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS5.9AI score0.00663EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/15 8:1 p.m.11 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the INPLACE function when handling a element containing an element with an attached shadow DOM. An attacker can execute arbitrar...

8.1CVSS6.2AI score0.00388EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49559

Name of the Vulnerable Software and Affected Versions DOMPurify affected versions not specified Description An issue exists where the sanitizer skips the contents of a shadow DOM attached to an element inside a element. This allows malicious payloads, such as images with onerror handlers, links...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.3AI score0.00139EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.15 views

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 12:16 p.m.46 views

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 12:7 p.m.41 views

EUVD-2026-28357

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 12:7 p.m.13 views

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 12:7 p.m.25 views

CVE-2026-8080

CVE-2026-8080 affects MISP core, specifically the old templating engine, where template element attribute type and category values were not validated. This stored XSS vulnerability impacts versions before 2.5.37 and is tied to the old engine later removed in 2.5.38. The CVSS-derived metrics indic...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/07 12:7 p.m.5 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.9AI score0.00139EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 12:7 p.m.66 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 12:7 p.m.9 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.28 views

PT-2026-38424

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/16 11:55 p.m.13 views

CVE-2025-14731

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CTParser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a...

7.2CVSS6.6AI score0.00393EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-2861

Malware in sbrugna...

6.8CVSS9.3AI score0.01272EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.17 views

CVE-2020-28947

In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled...

6.1CVSS6AI score0.00802EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.8 views

The vulnerability of the Apache OFBiz resource planning software lies in the improper elimination of special elements used in the template, allowing a hacker to execute arbitrary code.

The vulnerability of the Apache OFBiz resource planning software lies in the improper elimination of certain elements used in the template. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

3.6CVSS5.8AI score0.00623EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.2 views

SUSE CVE-2013-2922

Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element...

6.8CVSS9.6AI score0.01272EPSS
Exploits0References5
Rows per page
Query Builder