26 matches found
CVE-2026-47358
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...
EUVD-2026-20846
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...
GHSA-PPWQ-6V66-5M6J OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Summary Read-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2 630f1479c44f78484dfa21bb407cbe6f171dac87 - Latest...
CVE-2025-26391 SolarWinds Observability Self-Hosted XSS Vulnerability
SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...
EUVD-2004-1206
Malware in sbrugna...
EUVD-2017-3099
Malware in sbrugna...
EUVD-2023-41176
Malicious code in bioql PyPI...
CVE-2023-37256
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs...
BIT-MEDIAWIKI-2023-37256
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs...
PT-2024-12554 · Craft Cms +1
Name of the Vulnerable Software and Affected Versions: Feed Me plugin version 4.6.1 Craft CMS version 4.6.1 Craft CMS version 4.6.1.1 Description: An issue was discovered that allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due ...
CVE-2023-38911
A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...
Design/Logic Flaw
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs...
SUSE CVE-2017-11481
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2022-38374
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews...
Openmct Cross-Site Scripting Vulnerability
Nasa Openmct is an open source open mission control technology from NASA, Inc. It is used to visualize data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct up to version 1.7.7, which stems from the software's lack of effective filtering and escaping of...
Cross-site Scripting (XSS)
kibana is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because URL fields are not correctly sanitized, allowing attackers to execute actions on behalf of other users or obtain sensitive information...
Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2018-00860)
Elasticsearch Kibana (formerly known as elasticsearch-dashboard) is a suite of open-source, browser-based analytics and search Elasticsearch dashboard tools from the Dutch company Elasticsearch. A cross-site scripting vulnerability exists in Elasticsearch Kibana versions prior to 6.0.1 and prior to...
CVE-2017-11481
CVE-2017-11481 is an XSS vulnerability in Kibana triggered via URL fields in versions older than 6.0.1 and 5.6.5. The connected documents confirm Kibana was fixed (e.g., via patches and security updates) and note a Kibana-specific patch was applied (CVE-2017-11481.patch) as part of the Kibana upd...