Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability
Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability
Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context
Cacti has a Reflected XSS Vulnerability via html_auth_footer
SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)
SiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client
SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()
SiYuan: Stored XSS in Bazaar marketplace via package README event handlers
SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()
Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images
Gogs: DOM-based XSS via Milestone Name on New Issue Page
Gogs: Stored XSS in `.ipynb` Preview
Jellyfin: Potential XSS in user management
@tryghost/activitypub: XSS in Ghost's ActivityPub client
Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering
Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering
Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config
Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering
Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering
Showing 1 - 20 of 1,000+ results