FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

Agentejo Cockpit 0.10.2 - Cross-Site Scripting

Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...

CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-13023

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-13031

CVE-2026-13031 is a use-after-free in Blink (Chrome) prior to 149.0.7827.197, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected component: Blink in Google Chrome. Root cause: use-after-free in the browser’s rendering engine. Impact: high (arbi...

EUVD-2026-39042

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-39040

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-13038

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10857

CVE-2026-10857 – Reflected XSS in AKINSoft e-Commerce Affected product: AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce.Vulnerability: Reflected Cross-Site Scripting due to improper neutralization of input during web page generation.Root cause: insufficient sanitization of...

CVE-2026-12621 Cross-Site Scripting (XSS) Vulnerability in Password Reset Redirect in GridTime™ 3000 GNSS Time Server

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 password reset form allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0...

EUVD-2026-38038

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.164, using "after free" in WebSerial with Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

The incorrect security UI in the full-screen UI of Google Chrome prior to version 142.0.7444.59 allowed a remote attacker who convinced a user to perform certain UI gestures to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

Before version 89.0.4389.114, using screen sharing in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.101, using the "after free" mechanism in Google Chrome’s extensions allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Before version 92.0.4515.107, Autofill in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in ANGLE in Google Chrome on Windows, prior to version 90.0.4430.93, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Before version 88.0.4324.96, using Blink with a "after free" mechanism allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...