GHSA-JRQM-VMQC-GM93 CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support...

CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support...

PT-2026-23086

Name of the Vulnerable Software and Affected Versions CKEditor 5 versions prior to 47.6.0 Description CKEditor 5, a JavaScript rich-text editor, contains a cross-site scripting XSS issue within the General HTML Support feature. This issue arises from the insertion of specially crafted markup,...

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

CVE-2026-27169

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...

CVE-2026-27169 OpenSift: Persistent XSS Chat Tool Rendering

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...

CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

CVE-2026-22792

5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...

Linux Distros Unpatched Vulnerability : CVE-2024-45613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting XSS vulnerability is present in the...

PT-2020-5805 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.12.0 through 1.35.0 Description: The issue is related to insufficient protection measures in the BlockLogFormatter.php component of MediaWiki, allowing a remote attacker to compromise data integrity. The problem lies in t...

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

CVE-2019-1903

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service DoS condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending maliciou...