
28 matches found

RedhatCVE
added 2026/04/03 11:1 p.m., 1 view

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

7.8 CVSS, 6.3 AI score, 0.00027 EPSS
Exploits: 0, References: 1
NVD
added 2026/04/02 7:21 p.m., 0 views

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

7.8 CVSS, 0.00027 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/02 6:37 p.m., 0 views

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

7.8 CVSS, 6.2 AI score, 0.00027 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/03/21 3:30 p.m., 2 views

CVE-2019-25574 Green CMS 2.x Path Traversal Arbitrary File Download

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...

7.1 CVSS, 5.9 AI score, 0.0152 EPSS
Exploits: 1, References: 4
RedhatCVE
added 2025/12/26 8:18 p.m., 2 views

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.4 CVSS, 6.2 AI score, 0.00007 EPSS
Exploits: 0, References: 1
EUVD
added 2025/12/25 9:30 p.m., 1 view

EUVD-2025-205392

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.4 CVSS, 5.7 AI score, 0.00007 EPSS
Exploits: 0, References: 2
OSV
added 2025/12/25 8:15 p.m., 1 view

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.1 CVSS, 6.1 AI score
Exploits: 0, References: 1
NVD
added 2025/12/25 8:15 p.m., 3 views

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.4 CVSS, 0.00007 EPSS
Exploits: 0, References: 1
CVE
added 2025/12/25 8:7 p.m., 7 views

CVE-2025-68936

Summary: CVE-2025-68936 affects ONLYOFFICE Docs prior to 9.2.1 (DocumentServer relation) and is referenced across multiple feeds as a cross-site scripting (XSS) vulnerability. Affected software: ONLYOFFICE Docs (DocumentServer component referenced in the CVE). Vulnerability details: XSS via the C...

6.4 CVSS, 5.8 AI score, 0.00007 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/11/13 12:0 a.m., 2 views

PT-2025-53412

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 9.2.1. Description: ONLYOFFICE Docs contains a flaw that allows for Cross-Site Scripting (XSS) through the Color theme name within DocumentServer. Recommendations: Update to version 9.2.1 or later...

6.4 CVSS, 5.8 AI score, 0.00007 EPSS
Exploits: 0, References: 8
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-27257

Malicious code in bioql PyPI...

2.1 CVSS, 6.4 AI score
Exploits: 0, References: 1
RedhatCVE
added 2025/09/11 1:22 a.m., 3 views

CVE-2025-43774

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via Style Book theme name. This malicious payload is then reflected and executed within the user's browser...

2.1 CVSS, 5.8 AI score
Exploits: 0, References: 1
NVD
added 2025/09/09 1:15 a.m., 4 views

CVE-2025-43774

Rejected reason: This CVE ID is rejected. The reported vulnerability was found to be present only in a feature that was under development and protected by a beta feature flag. As a result, the issue was not exploitable in the official or public releases within the specified affected ranges, makin...

Exploits: 0
Vulnrichment
added 2025/09/09 12:26 a.m., 1 view

CVE-2025-43774

...

6.5 AI score
Exploits: 0
Tenable Nessus
added 2025/08/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-5490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote...

6.1 CVSS, 7.2 AI score, 0.01307 EPSS
Exploits: 0, References: 2
Hacker One
added 2025/08/10 6:28 p.m., 5 views

Mars: SQLi At `███████` via `theme_name`

A SQL injection vulnerability was discovered in a web application's theme selection endpoint through the "themename" parameter. Using SQLMap, the vulnerability was demonstrated to be exploitable through both error-based and time-based blind injection attacks against a MySQL database version 5.1 o...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/06/25 1:3 p.m., 0 views

Malicious code in theme-name (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0
OSV
added 2024/06/25 1:3 p.m., 5 views

MAL-2024-3119 Malicious code in theme-name (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 6:8 a.m., 2 views

SUSE CVE-2008-1284

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name...

6 CVSS, 7.2 AI score, 0.01666 EPSS
Exploits: 0, References: 5
CNNVD
added 2022/05/25 12:0 a.m., 1 view

Xwiki Platform Cross-Site Scripting Vulnerability

Xwiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company Xwiki. A security vulnerability exists in XWiki Platform Flamingo Theme UI versions after 6.2.4, 6.3-rc-1, which stems from the presence of a cross-site scripting vector in the...

7.4 CVSS, 5.8 AI score, 0.03717 EPSS
Exploits: 0, References: 4