PT-2026-49559

If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

EUVD-2026-28357

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

CVE-2026-8080

CVE-2026-8080 affects MISP core, specifically the old templating engine, where template element attribute type and category values were not validated. This stored XSS vulnerability impacts versions before 2.5.37 and is tied to the old engine later removed in 2.5.38. The CVSS-derived metrics indic...

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

PT-2026-38424

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

CVE-2025-14731

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CTParser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a...

EUVD-2013-2861

Malware in sbrugna...

CVE-2020-28947

In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled...

The vulnerability of the Apache OFBiz resource planning software lies in the improper elimination of special elements used in the template, allowing a hacker to execute arbitrary code.

The vulnerability of the Apache OFBiz resource planning software lies in the improper elimination of certain elements used in the template. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

SUSE CVE-2013-2922

Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element...

MISP Cross-Site Scripting Vulnerability (CNVD-2020-66576)

MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the template element index view in MISP 2.4.134. The...

CVE-2020-28947

In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled...

Design/Logic Flaw

In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled...

CVE-2018-17847

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)

Update to Chromium 31.0.1650.63 Stable channel update : - Security fixes : - CVE-2013-6634: Session fixation in sync related to 302 redirects - CVE-2013-6635: Use-after-free in editing - CVE-2013-6636: Address bar spoofing related to modal dialogs - CVE-2013-6637: Various fixes from internal...