256 matches found
Apache ECharts 安全漏洞
Apache ECharts is a data visualization charting library from the Apache USA Foundation. A security vulnerability exists in Apache ECharts versions prior to 6.1.0, which stems from a failure to escape HTML strings in the rendering logic of the Lines family of tooltips, potentially leading to a...
Astra Linux - уязвимость в firefox
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, it was rendered using page fonts. Side-channel attacks on the text using specially crafted fonts could have led to this text being interpreted by the webpage. This vulnerability affects Firefox versions earlier...
Zabbix 跨站脚本漏洞
Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has a cross-site scripting vulnerability. This vulnerability arises because non-super administrators who have...
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...
GHSA-VFFH-X6R8-XX99 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer
Impact Stored cross-site scripting XSS via crafted metric names in the Prometheus web UI: Old React UI + New Mantine UI: When a user hovers over a chart tooltip on the Graph page, metric names containing HTML/JavaScript are injected into innerHTML without escaping, causing arbitrary script...
Cross-site Scripting (XSS)
Overview github.com/prometheus/prometheus/web/ui is a systems and service monitoring system Affected versions of this package are vulnerable to Cross-site Scripting XSS via various UI components whose innerHTML is rendered unsanitized, based on user input. The metric names and label values used b...
Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer
Impact Stored cross-site scripting XSS via crafted metric names in the Prometheus web UI: Old React UI + New Mantine UI: When a user hovers over a chart tooltip on the Graph page, metric names containing HTML/JavaScript are injected into innerHTML without escaping, causing arbitrary script...
CVE-2026-33404
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....
CVE-2026-33404
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....
CVE-2026-33404 Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....
CVE-2026-33404
Pi-hole Admin Interface (Pi-hole) up to version 6.5 is affected by a stored XSS in the Network page and Dashboard tooltips due to unescaped DOM rendering of client hostnames and IPs from the FTL database in network.js and charts.js/index.js. The issue occurs for 6.0 through before 6.5, when user-...
Pi-Hole Adminlte 跨站脚本漏洞
Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of client hostname and IP address values in tooltips for web pages and dashboard charts,...
Hoppscotch 跨站脚本漏洞
Hoppscotch is an open-source API development environment created by Hoppscotch. Versions of Hoppscotch prior to 2026.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the display names in tooltips created by team members, which had a storage-based cross-site...
CVE-2023-25958
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Justin Saad Simple Tooltips plugin = 2.1.4 versions...
CVE-2025-63005
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas WordPress Tooltips wordpress-tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through = 10.9.3...
CVE-2025-63005
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas WordPress Tooltips wordpress-tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through = 10.9.3...
CVE-2025-63005 WordPress WordPress Tooltips plugin <= 10.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas WordPress Tooltips wordpress-tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through = 10.9.3...
EUVD-2025-205908
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9...
CVE-2025-63005
CVE-2025-63005 corresponds to the WordPress Tooltips plugin vulnerability. Connected sources confirm a Stored Cross-Site Scripting (XSS) issue in Tooltips for WordPress, affecting versions up to 10.8.3 (i.e.,