CVE-2026-3673 Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

Frappe 跨站脚本漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Version 16.10.10 of Frappe contains a cross-site scripting vulnerability. This vulnerability stems from special tag values stored in user tags that are not...

WordPress plugin Exclusive Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

UBUNTU-CVE-2017-7840

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...