2 matches found
CVE-2023-26131
Summary: CVE-2023-26131 affects the Algernon project’s engine and themes components via an XSS flaw in themes.NoPage(filename, theme) caused by improper user input sanitization when a file/resource is not found. The vulnerability is evidenced by multiple connected sources detailing the same issue...
CVE-2025-65754
CVE-2025-65754 concerns Algernon v1.17.4, where cross-site scripting via a crafted payload in a filename can lead to arbitrary code execution. Multiple sources confirm the issue exists in Algernon, with CVSS-like context indicating attacker interaction and limited privileges. Reported affected co...