PT-2026-22592
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2025-71241
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...
Cross-site Scripting (XSS)
Overview: open-web-calendar lets you embed a highly customizable web calendar into your website using ICal source links. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing validations in URL protocols and unsanitized error messages, leading to data theft or...
PT-2026-20839
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.3.6; SPIP versions prior to 4.2.17; SPIP versions prior to 4.1.20. Description: SPIP versions prior to 4.3.6, 4.2.17, and 4.1.20 contain a Cross-Site Scripting (XSS) issue within the private area. The error message displayed...