CVE-2026-10856

A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...

Unfixed XSS vulnerability at www.gamebattles.com

Security researcher army, has submitted on 10/07/2007 a cross-site-scripting XSS vulnerability affecting www.gamebattles.com, which at the time of submission ranked 12648 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/07/2007. It is current...