5 matches found
CVE-2026-8539
Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-7939
CVE-2026-7939 affects Google Chrome’s SanitizerAPI: an inappropriate implementation allows UXSS via a crafted HTML page, prior to Chrome 148.0.7778.96. Remote script/HTML injection is possible. Remediation is to upgrade to Chrome 148.0.7778.96 or later (as per Chrome stable release notes and Debi...
CVE-2020-9322
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...
CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS
The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-3420 Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...