Search Results (47055 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-6658 1 Jupyter 1 Jupyter Server 2026-06-29 5.4 Medium
A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the `<pre>` tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export.
CVE-2026-57620 2 Timstrifler, Wordpress 2 Exclusive Addons For Elementor, Wordpress 2026-06-29 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8.
CVE-2026-56046 2 Cridio, Wordpress 2 Listingpro, Wordpress 2026-06-29 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
CVE-2026-57431 2 Mer.vin, Wordpress 2 Featured Image, Wordpress 2026-06-29 6.5 Medium
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
CVE-2026-53427 1 Leandrocp 2 Mdex, Mdex Native 2026-06-29 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding (render: [full_info_string: true]) are enabled, the Lumis adapter copies the value of a code fence's highlight_lines_class info-string attribute, unescaped, into the class attribute of every rendered line. comrak_nif::lumis_adapter::LumisAdapter::parse_custom_attributes in native/comrak_nif/src/lumis_adapter.rs shlex-parses the info string and stores each key=value pair verbatim, highlight_lines_config pulls highlight_lines_class into the per-line class value, and write_highlighted interpolates that value directly into the class attribute of the per-line <div>. A single-quoted shell token preserves an inner double quote through shlex parsing, so a value such as '"><script>alert(1)</script>' terminates the class attribute early and the markup that follows is emitted as live HTML. An attacker who can submit Markdown (through comments, posts, wiki pages, documentation, or any user-generated content) can inject arbitrary HTML and JavaScript that runs in the browser of every user who views the rendered output, enabling session theft, account takeover, and other client-side attacks. No authentication or special privileges are required. The vulnerable native code originally shipped inside mdex (in native/comrak_nif/src/lumis_adapter.rs) and was later extracted into the separate mdex_native package (native/mdex_native_nif/src/lumis_adapter.rs), where it remains unpatched. This issue affects mdex from 0.11.3 before 0.12.3, and mdex_native from 0.1.0 before 0.2.3.
CVE-2026-11356 2 Vinod-dalvi, Wordpress 2 Ivory Search – Wordpress Search Plugin, Wordpress 2026-06-29 4.4 Medium
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-4610 2 Metagauss, Wordpress 2 Profilegrid – User Profiles, Groups And Communities, Wordpress 2026-06-29 6.4 Medium
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 5.9.8.5.
CVE-2026-9643 2 Joomunited, Wordpress 2 Wp Meta Seo, Wordpress 2026-06-29 7.2 High
The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `wpmsTemplateRedirect()` hook detects a 404, it concatenates `$_SERVER['HTTP_HOST']` with the raw `$_SERVER['REQUEST_URI']` and inserts that value verbatim into the `wp_wpms_links.link_url` column via `$wpdb->insert()`. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute whenever an administrator views the plugin's 404 & Redirects admin page (`/wp-admin/admin.php?page=metaseo_broken_link`).
CVE-2026-8622 2 Pixelwelt, Wordpress 2 Image Sizes On Demand, Wordpress 2026-06-29 6.1 Medium
The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The injected payload only executes in the context of an administrator, as the settings page requires the manage_options capability to render.
CVE-2026-56051 2 Tablepress, Wordpress 2 Tablepress, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
CVE-2026-50766 1 Koha 1 Koha 2026-06-29 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).
CVE-2026-56041 2 Dfactory, Wordpress 2 Responsive Lightbox, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
CVE-2026-57314 2 Surecart, Wordpress 2 Surecart, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
CVE-2026-57629 2 Statcounter, Wordpress 2 Statcounter, Wordpress 2026-06-29 6.5 Medium
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
CVE-2026-13558 1 Codeastro 1 Complaint Management System 2026-06-29 3.5 Low
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2026-13567 1 Code-projects 1 Online Music Site 2026-06-29 4.3 Medium
A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-13570 1 Sourcecodester 1 Inventory Management System 2026-06-29 3.5 Low
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-13557 1 Itsourcecode 1 Online Hotel Management System 2026-06-29 4.3 Medium
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/mod_room/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2026-52781 1 Opf 1 Openproject 2026-06-29 6.4 Medium
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants <macro> elements unrestricted data-* attributes via :data wildcard. An attacker injects data-controller="poll-for-changes" into a work package description, causing Stimulus.js to mount a controller that fetches an attacker-uploaded attachment and passes it to renderStreamMessage(). This executes arbitrary Turbo Stream actions — including redirect_to — in every victim's authenticated browser session, redirecting them to an attacker-controlled server. This vulnerability is fixed in 17.3.3 and 17.4.1.
CVE-2026-46386 1 Opf 1 Openproject 2026-06-29 9.9 Critical
OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITE_ME as the default Rails master key. Combined with cookies_serializer = :marshal, this gives any logged-in user a deterministic Marshal-deserialization path reachable via the /my/two_factor_devices cookie reader This vulnerability is fixed in .