Lucene search
K

10 matches found

EUVD
EUVD
added 2026/05/22 5:55 p.m.13 views

EUVD-2026-31478

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

8.5CVSS6AI score0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:13 p.m.7 views

CVE-2026-39311

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...

6.8CVSS6.4AI score0.00288EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/27 2:17 a.m.3 views

GO-2026-4553 Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure in code.vikunja.io/api

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure in code.vikunja.io/api...

7.3CVSS5.8AI score0.00453EPSS
Exploits1References3
OSV
OSV
added 2026/02/25 9:37 p.m.4 views

CVE-2026-27616 Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...

7.3CVSS5.7AI score0.00453EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/06 7:11 p.m.2 views

CVE-2026-22254 Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

5.6AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/06 7:11 p.m.5 views

EUVD-2026-5618

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

5.6AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/01/06 5:15 a.m.3 views

CVE-2025-14120

The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...

6.4CVSS0.00197EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 7:18 a.m.4 views

Cross Site Scripting (XSS)

NiceGUI is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the ui.interactiveimage component rendering SVG content using Vue’s v-html directive without sanitization, which allows an attacker to inject malicious HTML or JavaScript via the SVG tag when the image component is...

6.1CVSS5.8AI score0.00232EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.8 views

PT-2023-24199 · Nextcloud · Nextcloud Contacts

Name of the Vulnerable Software and Affected Versions: Nextcloud Contacts app versions prior to 4.2.4 Nextcloud Contacts app versions prior to 5.0.3 Description: The issue concerns the handling of unsanitized SVG files in the Contacts app for Nextcloud. These files are converted into JavaScript...

4.3CVSS4.4AI score0.00848EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/27 12:0 a.m.5 views

Grafana 跨站脚本漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. Grafana has a cross-site scripting vulnerability that stems from SVG files not properly clean...

7.3CVSS7.1AI score0.00779EPSS
Exploits0References8
Rows per page
Query Builder