Summary
Sveltia CMS: Stored XSS in Markdown/RichText preview via unsandboxed same-origin iframe
References
Related vulnerabilities
- HIGH GHSA-X975-RGX4-5FH4
  appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)
- MEDIUM GHSA-6V8J-33HC-MV84
  symfony/ux-icons: XSS via unsanitized SVG content in local files and Iconify on-demand responses
- HIGH GHSA-5C7P-G73Q-RPG5
  StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled
- MEDIUM GHSA-WWF9-7JRC-RV4Q
  Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure
- MEDIUM GHSA-GX93-M64W-5M6H
  Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering
- HIGH GHSA-G5QX-H5F3-MP2F
  TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover