5 matches found
CVE-2026-33244
CVE-2026-33244 affects React Router in versions 7.5.1–7.13.1 when using Framework Mode with pre-rendering enabled. The issue is improper neutralization of the HTTP Location header value, allowing Cross-Site Scripting (XSS) in statically generated HTML if the redirect target comes from an untruste...
WordPress plugin WassUp Real Time Analytics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
AZL-11357 CVE-2022-39348 affecting package python-twisted for versions less than 22.10.0-2
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...
GHSA-WFVX-FX73-3RFJ markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
Apache Host: crossite scripting
404 error message contains unescaped Host: header of HTTP request...