Lack of output escaping leads to a XSS vector in the readmore links for com_content.
Lack of output escaping for article titles leads to XSS vectors in various locations.
Lack of output escaping leads to a XSS vector in the content history component.
Lack of output escaping leads to a XSS vector in the feed modules.
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune insi
Lack of input filtering leads to an XSS vector in the HTML filter code.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captio
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without prop
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.
Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
Page 1+ Next →