CVE-2026-45249

A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...

EUVD-2022-4220

Malicious code in bioql PyPI...

CVE-2020-2236

Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission...

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in tooltip content rendering. An attacker can perform operations with the victim's privileges, such as stealing chat history and deleting chats, by convincing the victim to interact...

jenkins: Stored XSS vulnerability in 'keep forever' badge icons

A flaw was found in jenkins in versions prior to 2.244 and versions prior to LTS 2.235.1. Job names in the 'Keep this build forever' badge tooltip are not properly escaped which results in a stored cross-site scripting XSS vulnerability exploitable by users able to configure job names. The highes...