| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator |
| Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality. |
| SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands. |
| SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands. |
| Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources. |
| Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions. |
| Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability exploitable through content-type spoofing. The Remark42 image proxy fetches an arbitrary remote URL and re-serves the response from Remark42's own origin. During the download phase, the proxy determines whether the resource is an image by inspecting only the Content-Type header advertised by the remote server, never examining the actual bytes; during the serving phase, it instead derives the response Content-Type by sniffing those bytes with http.DetectContentType. An attacker can exploit this inconsistency by hosting a URL that advertises Content-Type: image/png while returning an HTML/JavaScript body: the download check accepts it as an image, the serving path sniffs the body and emits Content-Type: text/html, and the browser renders the attacker-controlled HTML/JavaScript as a document within Remark42's origin. Exploitation requires no Remark42 account on the target instance; the attacker only needs to host the malicious upstream URL and deliver the proxy link to a victim by any means, such as email, direct message, or a link on another website. This issue has been fixed in version 1.16.0. |
| Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions. |
| Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. |
| Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The vulnerability originates in the filterProtocols method within BookmarkMarkdownFormatter.php.This method attempts to sanitize Markdown links by filtering dangerous protocols (such as javascript:) before rendering. It uses the following regular expression: (#]\((.*?)\)#is). This regex is designed to detect inline Markdown links, but it fails to detect Markdown reference-style links because reference-style links are resolved by the Markdown parser after preprocessing. The filterProtocols method never inspects the actual URL used in these references and as a result, an attacker can supply a javascript: URI inside a reference definition. This issue has been fixed in version 0.16.2. |
