13 matches found
CVE-2026-37503
Cross-Site Scripting (XSS) in V2Board through 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...
CVE-2026-37503
Cross-Site Scripting (XSS) in V2Board through 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...
PT-2026-36484
Name of the Vulnerable Software and Affected Versions: V2Board versions prior to 1.7.5. Description: Cross-Site Scripting (XSS) occurs when the custom html field in the theme configuration is rendered using unescaped Blade output in the 'public/theme/v2board/dashboard.blade.php' file. An administrator...
EUVD-2026-26667
Cross-Site Scripting (XSS) in V2Board through 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...
EUVD-2021-0492
Malware in sbrugna...
Magento LTS vulnerable to stored XSS in theme config fields
As reported by Aakash Adhikari (GitHub: @justlife4x4), the Design Themes Skin Images / CSS config field allows a Stored XSS when it contains an end script tag. Impact: A malicious user with access to this configuration field could use a Stored XSS to affect other authenticated admin users in the...
GHSA-5PXH-89CX-4668 Magento LTS vulnerable to stored XSS in theme config fields
As reported by Aakash Adhikari (GitHub: @justlife4x4), the Design Themes Skin Images / CSS config field allows a Stored XSS when it contains an end script tag. Impact: A malicious user with access to this configuration field could use a Stored XSS to affect other authenticated admin users in the...
GHSA-5W74-JX7M-X6HV XSS vulnerability in theme config file in Mautic
Impact: Mautic before v2.13.0 has stored XSS via a theme config file. Patches: Update to 2.13.0 or later. Workarounds: None. For more information: If you have any questions or comments about this advisory: Email us at [email protected]...
XSS vulnerability in theme config file in Mautic
Impact: Mautic before v2.13.0 has stored XSS via a theme config file. Patches: Update to 2.13.0 or later. Workarounds: None. For more information: If you have any questions or comments about this advisory: Email us at [email protected]...
CVE-2018-8071
Mautic before v2.13.0 has stored XSS via a theme config file...
Cross site scripting
Mautic before v2.13.0 has stored XSS via a theme config file...
CVE-2018-8071
CVE-2018-8071 affects Mautic prior to v2.13.0 and involves a stored cross-site scripting (XSS) vulnerability in the theme config file. The underlying issue is that malicious input placed in the theme config.json could be stored and later rendered, allowing execution of arbitrary scripts in the vi...
CVE-2018-8071
Mautic before v2.13.0 has stored XSS via a theme config file...