16333 matches found
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
Agentejo Cockpit 0.10.2 - Cross-Site Scripting
Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...
FortiWeb - Cross Site Scripting
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...
CVE-2026-52870
creationtimestamp| type| source ---|---|--- 2026-07-15 21:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpmifoxio25...
CVE-2026-9007 Reflected XSS in HCL Notes
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects...
CVE-2026-59838
A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions,...
CVE-2026-59838
CVE-2026-59838 is an XSS-type vulnerability described as improper neutralization of script-related HTML tags in Fortinet FortiSIEM. Affected versions span FortiSIEM 7.4.0; 7.3.0–7.3.4; 7.2.0–7.2.6; 7.1.x; 7.0.x; and all 6.x versions (6.4–6.7). The issue could allow an attacker to execute unauthor...
CVE-2026-49458
A flaw was found in DOMPurify, a tool designed to prevent cross-site scripting XSS attacks by sanitizing HTML, MathML, and SVG content. When processing certain types of web page elements, DOMPurify failed to properly identify and sanitize malicious code. This oversight could allow an attacker to...
CVE-2026-48287
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...
CVE-2026-48290
CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...
CVE-2026-15772
Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-15768
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15774
CVE-2026-15774 is a Use-after-free in Skia affecting Google Chrome prior to 150.0.7871.125. The issue could allow a remote attacker (with renderer access) to escape the Chrome sandbox via a crafted HTML page. Public references show a Chrome security update (Stable Channel) and list this CVE among...
CVE-2026-58647
CVE-2026-58647 affects Microsoft Power BI Power BI Report Server. The issue is an improper neutralization of input during web page generation, enabling cross-site scripting. Attackers must be authorized, require user interaction, and can exploit over the network to perform spoofing with high impa...
CVE-2026-55008
CVE-2026-55008 affects Microsoft Exchange Server and is caused by improper neutralization of input during web page generation, enabling cross-site scripting. The NVD entry lists a high-severity CVSS 3.1 base score of 9.6 (NETWORK, LOW attack complexity, NONE privileges, user interaction required,...
Microsoft PowerBI Report Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
PT-2026-58504
Name of the Vulnerable Software and Affected Versions Active Directory Federation Services affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...