2 matches found
Discourse cross-site scripting vulnerability (CNVD-2026-17264)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the onebox method in the SharedAiConversation model rendering...
CVE-2026-3492 Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...