PT-2026-31136

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through =...

cross-site-scripting-lab

XSS Lab Documentation Overview What Is Cross-Site Scr...

CVE-2026-25465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through = 1.4.37...

EUVD-2018-0807

Malware in sbrugna...

EUVD-2025-31276

Malicious code in bioql PyPI...

GHSA-RX7M-68VC-PPXH PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to trigger a service failure.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by processing or loading specially created web...

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to access to memory cells before the buffer is initialized, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules relates to access to memory cells before the buffer is initialized. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

Cross Site Scripting

typo3/cms is vulnerable to Cross Site Scripting. The vulnerability is caused due to a missing sanitization while rendering web page on the browser. This can lead to an authorized editors insert javascript commands by using the url scheme javascript:...

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit, related to insecure management of privileges, allows attackers to compromise the integrity of protected information.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information...

Cross site scripting

A reflected cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page...

The vulnerability of the web page rendering modules in WebKitGTK+ and WPE WebKit, caused by buffer overflows, allows attackers to trigger a service failure.

The vulnerability of the Web page rendering modules in WebKitGTK+ and WPE WebKit is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause a service failure...

The vulnerability of the Web page rendering module in Safari web browsers, as well as in operating systems such as watchOS, tvOS, iPadOS, iOS, macOS, allows attackers to execute XSS attacks.

The vulnerability of the Web page rendering module in Safari browsers running WebKit, as well as in operating systems such as watchOS, tvOS, iPadOS, iOS, and macOS, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious act...

The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS allows a hacker to execute arbitrary code.

The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS systems is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

Stored cross site scripting

Hi Team, I have found a stored cross-site scripting vulnerability in the Create event section. Description What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message forums...

The vulnerability of the WPE WebKit web page rendering module, related to copying buffers without checking input data, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit web page rendering module is related to the copying of buffers without checking the input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the use of memory after it is freed, allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code or cause a service failure...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to insufficient validation of input data, allows attackers to execute arbitrary code or cause service failures.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...