Browse and filter security vulnerabilities across ecosystems
Sub2API Vulnerable to Password Reset Poisoning via Host Header Trust Issue, Leading to Account Takeover
OpenEMR allows inconsistent escaping of translation function output
Tenda F3 Reflected Script Execution via Missing nosniff Header
Isso: Stored XSS via comment website field
OpenSift: Persistent XSS Chat Tool Rendering
LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()
Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table
Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute
Fabric.js Affected by Stored XSS via SVG Export
jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
jsPDF has PDF Object Injection via Unsanitized Input in addJS Method
FileRise affected by HTML Injection using color property in file tags
Tanium addressed an improper output sanitization vulnerability in TanOS.
HtmlSanitizer has a bypass via template tag
jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution
Discourse allows script execution in uploaded HTML/XML files on S3
Tenda W30E V2 Lacks X-Content-Type-Options Header
Typemill has Reflected XSS via login error view template
Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering
5ire vulnerable to Remote Code Execution (RCE)