8 matches found
PT-2026-40837
Name of the Vulnerable Software and Affected Versions Translate Drupal with GTranslate versions 0.0.0 through 3.0.4 Description A Modification of Assumed-Immutable Data MAID issue in the GTranslate module allows Resource Location Spoofing. The module's widget JavaScript fails to sufficiently...
@aedwards/ohif-viewer (>=5.0.1 <=5.0.14), @bitrefill/airfill-widget (>=3.6.0 <=4.1.7) +55 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=0.0.1 <=9.0.1)
i18next-locize-backend NPM version =0.0.1, =5.0.1, =3.6.0, =1.7.5, =1.0.5, =9.14.0, =1.0.0, =1.0.1, =0.8.1, =0.8.1, =1.0.0, =1.0.0, =0.0.11, =0.53.0-14, =0.53.3 and more Source cves: CVE-2026-41885 Source advisory: OSV:GHSA-MGCP-MFP8-3Q45...
@voiceflow/widget (>=1.0.3 <=1.7.13) potentially affected by unknown CVE via @voiceflow/react-chat (>=1.0.3 <=1.47.4)
@voiceflow/react-chat NPM version =1.0.3, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWREACTCHAT-14103429...
CVE-2024-49660
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CampusExplorer Campus Explorer Widget campus-explorer-widget allows Reflected XSS.This issue affects Campus Explorer Widget: from n/a through = 1.4...
PT-2024-32940 · Unknown · Restaurant Reservations Widget
Name of the Vulnerable Software and Affected Versions: Restaurant Reservations Widget versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations:...
CVE-2020-13628
Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...
CVE-2020-10946
Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...
UBUNTU-CVE-2020-10946
Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...