23 matches found

Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-31136

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through =...

6.5 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2026/03/25 9:57 p.m. | 218 views

cross-site-scripting-lab

XSS Lab Documentation Overview What Is Cross-Site Scr...

6.2 AI score
Exploits: 0

ATTACKERKB
added 2026/03/25 4:14 p.m. | 2 views

CVE-2026-25465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS. This issue affects CP Multi View Event Calendar: from n/a through = 1.4.37...

6.5 CVSS | 5.2 AI score | 0.00045 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-0807

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.00475 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-31276

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

OSV
added 2025/08/25 2:32 p.m. | 1 views

GHSA-RX7M-68VC-PPXH PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

8.7 CVSS | 6.3 AI score | 0.00137 EPSS
Exploits: 0 | References: 9

Cvelist
added 2025/08/09 2:2 a.m. | 8 views

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

7.1 CVSS | 0.00181 EPSS
Exploits: 0 | References: 3

Veracode
added 2024/08/13 11:5 a.m. | 8 views

Cross Site Scripting

typo3/cms is vulnerable to Cross Site Scripting. The vulnerability is caused by missing sanitization while rendering a web page in the browser. This can allow authorized editors to insert JavaScript commands by using the URL scheme javascript:...

7.1 AI score
Exploits: 0

Prion
added 2024/02/02 7:15 p.m. | 12 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page...

5.8 CVSS | 6.2 AI score | 0.0012 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Huntr
added 2022/11/19 5:29 a.m. | 9 views

Stored cross site scripting

Hi Team, I have found a stored cross-site scripting vulnerability in the Create event section. Description What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message forums...

5.2 AI score
Exploits: 0

Veracode
added 2020/04/10 12:42 a.m. | 23 views

Erroneous Stylesheet Caching

SeaMonkey is vulnerable to erroneous stylesheet caching. The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font...

5 CVSS | 3.3 AI score | 0.00424 EPSS
Exploits: 1 | References: 8 | Affected Software: 4

OSV
added 2018/12/19 7:24 p.m. | 15 views

GHSA-9FCP-VCQ9-9H2H OS Command Injection in craftercms:crafter-studio

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file .ftl filetype that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a we...

8.8 CVSS | 9 AI score | 0.00475 EPSS
Exploits: 1 | References: 5

NVD
added 2018/12/06 7:29 a.m. | 10 views

CVE-2018-19907

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file .ftl filetype that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a we...

8.8 CVSS | 8.9 AI score | 0.00475 EPSS
Exploits: 1 | References: 2

CVE
added 2018/12/06 7:0 a.m. | 69 views

CVE-2018-19907

Crafter CMS 3.0.18 is affected by a Server-Side Template Injection vulnerability. Attackers with developer privileges can cause the FreeMarker library call freemarker.template.utility.Execute while rendering a webpage by creating/editing a template file (.ftl), leading to OS command execution. Th...

8.8 CVSS | 8.9 AI score | 0.00475 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2018/11/14 1:29 a.m. | 2 views

CVE-2018-8578

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint...

4.3 CVSS | 5.5 AI score | 0.1221 EPSS
Exploits: 0 | References: 4

CNVD
added 2015/08/19 12:0 a.m. | 2 views

Apple OS X History Search Vulnerability

Apple OS X is a BSD-based operating system distributed by Apple. Apple OS X Quicklook has a security vulnerability that allows local users to search for previously viewed visited WEB sites, launch a WEB browser, and render WEB sites...

4.3 CVSS | 6.4 AI score | 0.00389 EPSS
Exploits: 0 | References: 1

Atlassian
added 2014/10/07 4:8 a.m. | 15 views

"Recently updated" plugin can be used to reflect arbitrary static content to browser

This request: /plugins/recently-updated/changes.action?theme=XXXXXXXX results in the response: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...

0.1 AI score
Exploits: 0 | Affected Software: 1

Prion
added 2010/03/25 9:0 p.m. | 17 views

Code injection

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...

5 CVSS | 6.9 AI score | 0.00424 EPSS
Exploits: 1 | References: 6 | Affected Software: 3

Tenable Nessus
added 2007/01/17 12:0 a.m. | 29 views

Fedora Core 5 : firefox-1.5.0.9-1.fc5 (2006-1499)

Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running...

9.3 CVSS | 8.6 AI score | 0.41553 EPSS
Exploits: 0 | References: 1

Cent OS
added 2006/12/23 11:43 a.m. | 73 views

firefox security update

CentOS Errata and Security Advisory CESA-2006:0758 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web...

9.3 CVSS | 6.1 AI score | 0.41553 EPSS
Exploits: 0 | References: 8