CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

GHSA-CV78-6M8Q-PH82 Argo Workflows affected by stored XSS in the artifact directory listing

Summary Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Details The directory listing response in server/artifacts/artifactserver.go...

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

CVE-2018-12246

Symantec Web Isolation WI 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting XSS vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious...

SmallPICT vulnerable to cross-site scripting

Overview SmallPICT contains a cross-site scripting vulnerability. SmallPICT is a bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...