5 matches found
EUVD-2026-30134
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-33738
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
CVE-2022-2391
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description...
CVE-2021-24539
The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfilteredhtml capability is disallowed, leading to an...
Billwerx RC v3.1 Multiple Vulnerabilities
No description provided by source. Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context o...