3 matches found
CVE-2026-28338 PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...
Objectplanet Opinio Security Vulnerability
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in Objectplanet Opinio 7.22 and earlier versions, which stems from Ben's use of a cryptographically weak pseudo-random number generator PRNG with predictable seeding, which could lead to the...
ZTE ZXCLOUD iRAI Code Injection Vulnerability
The ZTE ZXCLOUD iRAI is a virtualization appliance from China's ZTE Corporation ZTE. A security vulnerability exists in ZTE ZXCLOUD iRAI version 7.22.11P2 and prior versions, which stems from the program's inability to adequately validate user input. An attacker can exploit the vulnerability to...