68 matches found
BIT-JOOMLA-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Lack of input filtering leads to an XSS vector in the HTML filter code...
CVE-2026-25900
Lack of output escaping leads to an XSS vector in the feed modules...
CVE-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Lack of input filtering leads to an XSS vector in the HTML filter code...
CVE-2026-30895
Lack of output escaping leads to an XSS vector in the readmore links for com_content...
CVE-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Lack of output escaping leads to an XSS vector in the multilingual associations component...
CVE-2026-30948
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.4 and 8.6.17, a stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with...
CVE-2026-30838
league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...
CVE-2021-41101
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS Access-Control-Allow-Origin header set by nginz is set for all subdomains of .wire.com including wire.com. This means that if somebody were to find an XSS vector in any of the...
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-63083
CVE-2025-63083 is a Joomla! Core issue describing a lack of output escaping that enables a cross-site scripting (XSS) vector in the pagebreak plugin. The connected sources specify affected software (Joomla! core, pagebreak/plugin code paths) and indicate an XSS risk arising from insufficient esca...
EUVD-2024-19346
Malicious code in bioql PyPI...
PT-2025-40003
Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-54476. Description: Improper handling of input can result in a cross-site scripting (XSS) vector within the checkAttribute method of the input filter framework class. Recommendations: At the moment, there is no information...
CVE-2024-21730
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CKAN has Cross-site Scripting vector in the Datatables view plugin
The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact: Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core that is not activated by default but is widely used to...
CVE-2024-21731
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method...
CVE-2024-26278
The Custom Fields component does not correctly filter inputs, leading to an XSS vector...