Lack of output escaping leads to a XSS vector in the content history component.
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
Lack of output escaping leads to a XSS vector in the feed modules.
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Lack of output escaping for article titles leads to XSS vectors in various locations.
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune insi
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the us
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without prop
Page 1+ Next →