Linux Distros Unpatched Vulnerability : CVE-2023-26487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3...
Joomla! 3.x < 3.10.20 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.20, 4.x prior to 4.4.10 or 5.x prior to 5.2.3. It is, therefore, affected by multiple vulnerabilities. - Various module chromes didn't properly process inputs, leading to XSS...
Joomla! 5.x < 5.2.3 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.20, 4.x prior to 4.4.10 or 5.x prior to 5.2.3. It is, therefore, affected by multiple vulnerabilities. - Various module chromes didn't properly process inputs, leading to XSS...
CVE-2024-40747 [20250101] - Core - XSS vectors in module chromes
Various module chromes didn't properly process inputs, leading to XSS vectors...
CVE-2024-40747
CVE-2024-40747 affects Joomla! core module chromes, where inputs are not properly processed, enabling cross-site scripting (XSS). The vulnerability is described across multiple feeds as applying to module chromes and is categorized with CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, base score 6....
Joomla 3.0.x < 3.10.17 / 4.0.x < 4.4.7 / 5.0.x < 5.1.3 Multiple Vulnerabilities (5910-joomla-5-1-3-and-4-4-7-security-and-bug-fix-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.10.17, 4.0.x prior to 4.4.7, or 5.0.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - Inadequate validation of URLs could result in an invalid check...
CVE-2024-40743
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...
CVE-2024-27186
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...
CVE-2024-27186
CVE-2024-27186 affects Joomla! via the mail template feature lacking an escaping mechanism, enabling XSS vectors across multiple extensions. The vulnerability stems from insufficient input escaping in mail templates, with CVSSv3.1 base score 6.1 (MEDIUM). Affected component: the HTML mail templat...
CVE-2024-40743
CVE-2024-40743 affects Joomla core Outputfilter::stripImages and Outputfilter::stripIframes: inputs are not properly processed, enabling XSS vectors. Root cause is improper handling in stripImages/stripIframes; impact is XSS exposure as described in multiple sources (e.g., BIT-JOOMLA-2024-40743, ...
PT-2024-21721 · Joomla +2 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. No information is provided about the estimated number...
CVE-2024-26279
The wrapper extensions do not correctly validate inputs, leading to XSS vectors...
PT-2023-32976 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS version 4 TinyMCE versions 4.x Description: The issue concerns several XSS vectors in TinyMCE 4.x that have been patched in later versions. Two of these vectors affect the silverstripe/admin module. The security patches from...
CVE-2023-37467
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the beta and tests-passed branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous, i.e. unauthenticated, user...
HTML injection in search results via plaintext message highlighting
Impact: Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. Cross-site scripting is possible by including resources from recaptcha.net and...
CVE-2023-26487
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3 arguments and internally invokes the `push` function on the 1st argument, specifying an array consisting of the 2nd and 3rd arguments as the `push` call argument...
SUSE CVE-2008-6682
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) double quote (") characters in the href attribute of an s:a tag and (2)...
Inconsistent input sanitisation leads to XSS vectors
Background: A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact: OMERO.web before 5.11.0 and OMERO.figure befo...
GHSA-G67G-HVC3-XMVF Inconsistent input sanitisation leads to XSS vectors
Background: A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact: OMERO.web before 5.11.0 and OMERO.figure befo...