Search Vulnerabilities

md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

CVE-2026-25688

Apache Answer: XSS in AI Answer Rendering

CVE-2026-45314

Open WebUI: XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image

CVE-2026-42458

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

CVE-2026-42235

n8n: XSS via MCP OAuth client

May 4, 2026

CVE-2026-40321

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

Apr 17, 2026

CVE-2025-14732

Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API

Apr 8, 2026

CVE-2026-22711

Stored XSS through system messages in WikiLove

CVE-2026-35534

ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection

CVE-2026-33510

DOM-Based XSS in Homarr /auth/login Redirect

Apr 6, 2026

CVE-2026-34598

YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

Apr 2, 2026

CVE-2026-33506

DOM-Based XSS in Ory Polis Login Page

Mar 26, 2026

CVE-2025-52563

Chamilo: Reflected XSS via page parameter

Mar 2, 2026

CVE-2026-27120

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Feb 20, 2026

CVE-2025-54369

Node-SAML SAML Authentication Bypass

Dec 12, 2025

CVE-2025-65961

LOW

Contao is vulnerable to cross-site scripting in templates

Nov 25, 2025

CVE-2025-48076

Galette is vulnerable to Cross-site Scripting

Nov 4, 2025

CVE-2025-62415

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

CVE-2025-62418

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)

CVE-2025-62414

bagisto - Cross Site Scripting (XSS) in Create New Customer

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-46492

md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

CVE-2026-25688

Apache Answer: XSS in AI Answer Rendering

CVE-2026-45314

Open WebUI: XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image

CVE-2026-42458

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

CVE-2026-42235

n8n: XSS via MCP OAuth client

May 4, 2026

CVE-2026-40321

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

Apr 17, 2026

CVE-2025-14732

Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API

Apr 8, 2026

CVE-2026-22711

Stored XSS through system messages in WikiLove

CVE-2026-35534

ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection

CVE-2026-33510

DOM-Based XSS in Homarr /auth/login Redirect

Apr 6, 2026

CVE-2026-34598

YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

Apr 2, 2026

CVE-2026-33506

DOM-Based XSS in Ory Polis Login Page

Mar 26, 2026

CVE-2025-52563

Chamilo: Reflected XSS via page parameter

Mar 2, 2026

CVE-2026-27120

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Feb 20, 2026

CVE-2025-54369

Node-SAML SAML Authentication Bypass

Dec 12, 2025

CVE-2025-65961

LOW

Contao is vulnerable to cross-site scripting in templates

Nov 25, 2025

CVE-2025-48076

Galette is vulnerable to Cross-site Scripting

Nov 4, 2025

CVE-2025-62415

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

CVE-2025-62418

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)

CVE-2025-62414

bagisto - Cross Site Scripting (XSS) in Create New Customer