Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-44727

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-22 Jun, 2026 | 19:56
Updated At-30 Jun, 2026 | 12:10
Rejected At-
Credits

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:22 Jun, 2026 | 19:56
Updated At:30 Jun, 2026 | 12:10
Rejected At:
▼CVE Numbering Authority (CNA)
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

Affected Products
Vendor
jupyter-server
Product
jupyter_server
Versions
Affected
  • < 2.20
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWECWE-1021CWE-1021: Improper Restriction of Rendered UI Layers or Frames
Type: CWE
CWE ID: CWE-79
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-1021
Description: CWE-1021: Improper Restriction of Rendered UI Layers or Frames
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp
x_refsource_CONFIRM
https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd
x_refsource_MISC
Hyperlink: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. jupyter-server: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers

A flaw was found in Jupyter Server. The nbconvert HTTP handlers in Jupyter Server render user-authored notebook HTML without a sandbox directive in their Content-Security-Policy. This, combined with nbconvert.HTMLExporter's default non-sanitizing behavior, allows a notebook containing an HTML payload to trigger a stored Cross-Site Scripting (XSS) vulnerability. A remote attacker could exploit this to gain cookie access, full API authority, and achieve kernel Remote Code Execution (RCE).

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Migration Toolkit for Applications 8
CPEs
  • cpe:/a:redhat:migration_toolkit_applications:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.19.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-06-22 21:00:50
Made public.2026-06-22 19:56:56
Event: Reported to Red Hat.
Date: 2026-06-22 21:00:50
Event: Made public.
Date: 2026-06-22 19:56:56
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-44727
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2491516
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44727.json
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-44727
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2491516
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44727.json
Resource:
x_sadp-csaf-vex
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:22 Jun, 2026 | 21:16
Updated At:30 Jun, 2026 | 03:20

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Secondary3.19.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

jupyter
jupyter
>>jupyter_server>>Versions before 2.20.0(exclusive)
cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarysecurity-advisories@github.com
CWE-1021Primarysecurity-advisories@github.com
CWE-79Secondarynvd@nist.gov
CWE-79Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-79
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-1021
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-79
Type: Secondary
Source: nvd@nist.gov
CWE ID: CWE-79
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bdsecurity-advisories@github.com
Patch
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmpsecurity-advisories@github.com
Mitigation
Patch
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-447270b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24915160b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44727.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp
Source: security-advisories@github.com
Resource:
Mitigation
Patch
Vendor Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-44727
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2491516
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44727.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

10716Records found

CVE-2024-11831
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.01% / 58.76%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 15:27
Updated-01 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Pipelines 1.18.0Red Hat Ceph Storage 7.1Red Hat Advanced Cluster Security 4.5RHODF-4.15-RHEL-9Red Hat build of Apicurio Registry 2Red Hat Process Automation 7RHODF-4.14-RHEL-9Red Hat OpenShift Pipelines 1.14.6.NET 6.0 on Red Hat Enterprise LinuxRed Hat Discovery 1Red Hat Quay 3Red Hat Developer HubOpenShift PipelinesRed Hat OpenShift Pipelines 1.16Red Hat Ceph Storage 7Red Hat 3scale API Management Platform 2Red Hat Integration Camel K 1Red Hat JBoss Enterprise Application Platform 7Red Hat Satellite 6Red Hat Ceph Storage 8Red Hat build of OptaPlanner 8RHODF-4.16-RHEL-9Red Hat Advanced Cluster Security 4.4Red Hat JBoss Enterprise Application Platform 8Red Hat OpenShift AI (RHOAI)Migration Toolkit for VirtualizationOpenShift Service Mesh 2RHODF-4.18-RHEL-9Red Hat Trusted Profile AnalyzerRed Hat OpenShift Dev SpacesRed Hat Fuse 7Red Hat OpenShift Pipelines 1.17Red Hat Enterprise Linux 10Red Hat Ceph Storage 8.1Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Advanced Cluster Management for Kubernetes 2Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9RHODF-4.17-RHEL-9Red Hat Data Grid 8Red Hat OpenShift distributed tracing 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Cryostat 3OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9OpenShift LightspeedRed Hat Single Sign-On 7Red Hat OpenShift Pipelines 1.15Red Hat OpenShift Container Platform 3.11Red Hat OpenShift Pipelines 1.19Red Hat Ceph Storage 9.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6134
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.91% / 55.68%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 21:42
Updated-25 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: reflected xss via wildcard in oidc redirect_uri

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onopenshift_container_platform_ibm_z_systemsopenshift_container_platformkeycloakenterprise_linuxopenshift_container_platform_for_powerRed Hat Single Sign-On 7Red Hat Single Sign-On 7.6 for RHEL 7RHEL-8 based Middleware ContainersRed Hat Single Sign-On 7.6 for RHEL 9Single Sign-On 7.6.6Red Hat Single Sign-On 7.6 for RHEL 8Red Hat build of Keycloak 22.0.7Red Hat build of Keycloak 22
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-3971
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.67% / 47.54%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 14:26
Updated-20 Nov, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Controller: html injection in custom login info

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_developeransible_automation_platformenterprise_linuxansible_insideansible_automation_controllerRed Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat Ansible Automation Platform 2.3 for RHEL 8Red Hat Ansible Automation Platform 2.4 for RHEL 9Red Hat Ansible Automation Platform 2.3 for RHEL 9
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-3384
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 29.57%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-07 Nov, 2025 | 00:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quay: stored cross site scripting

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-quayRed Hat Quay 3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-41134
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.68% / 47.90%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 17:50
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS in Jupyter nbdime

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function. From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product.

Action-Not Available
Vendor-jupyterjupyter
Product-nbdimenbdime-jupyterlabnbdime
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-23960
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.34% / 25.63%
||
7 Day CHG+0.09%
Published-21 Jan, 2026 | 22:02
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Argo Workflows affected by stored XSS in the artifact directory listing

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Versions 3.6.17 and 3.7.8 fix the issue.

Action-Not Available
Vendor-argoprojargoprojRed Hat, Inc.
Product-argo_workflowsargo-workflowsRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6710
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-2.24% / 80.71%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 22:01
Updated-20 Nov, 2025 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mod_cluster/mod_proxy_cluster: stored cross site scripting

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

Action-Not Available
Vendor-modclusterRed Hat, Inc.
Product-mod_proxy_clusterenterprise_linuxRed Hat Enterprise Linux 9Red Hat JBoss Core ServicesText-Only JBCSJBoss Core Services for RHEL 8JBoss Core Services on RHEL 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-11569
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.56%
||
7 Day CHG~0.00%
Published-08 Jun, 2026 | 10:54
Updated-08 Jun, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting when a victim visits the archive URL.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Quay 3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-9222
Matching Score-10
Assigner-GitLab Inc.
ShareView Details
Matching Score-10
Assigner-GitLab Inc.
CVSS Score-8.7||HIGH
EPSS-0.38% / 29.64%
||
7 Day CHG+0.02%
Published-09 Jan, 2026 | 10:04
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.

Action-Not Available
Vendor-Red Hat, Inc.GitLab Inc.
Product-gitlabGitLabRed Hat OpenShift Container Platform 4OpenShift Pipelines
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-32862
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.68%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 00:00
Updated-02 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).

Action-Not Available
Vendor-jupyterjupyterDebian GNU/Linux
Product-nbconvertdebian_linuxnbconvert
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-5198
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.23% / 13.42%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:51
Updated-27 Feb, 2026 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stackrox: xss in stackrox

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

Action-Not Available
Vendor-stackroxRed Hat, Inc.
Product-advanced_cluster_securitystackroxRed Hat Advanced Cluster Security 4
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0119
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.56% / 42.25%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 15:14
Updated-02 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: stored cross-site scripting in host tab

A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.

Action-Not Available
Vendor-Red Hat, Inc.
Product-satelliteenterprise_linuxRed Hat Satellite 6.13 for RHEL 8Red Hat Satellite 6.14 for RHEL 8
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10854
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 44.76%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 11:51
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-cloudforms_management_enginelinux_kernelcloudforms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1697
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 50.70%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 14:13
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onkeycloakkeycloak
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-3889
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.88% / 54.59%
||
7 Day CHG+0.01%
Published-11 Jul, 2019 | 18:27
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformatomic-openshift
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-15379
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9||CRITICAL
EPSS-1.99% / 78.27%
||
7 Day CHG-0.36%
Published-30 Mar, 2026 | 07:16
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection in mlflow/mlflow

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.

Action-Not Available
Vendor-lfprojectsmlflowRed Hat, Inc.
Product-mlflowmlflow/mlflowRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-12548
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9||CRITICAL
EPSS-1.16% / 63.41%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 15:35
Updated-21 Jan, 2026 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Dev Spaces (RHOSDS) 3.23Red Hat OpenShift Dev Spaces (RHOSDS) 3.22Red Hat OpenShift Dev Spaces (RHOSDS) 3.24
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-34078
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-1.68% / 74.12%
||
7 Day CHG+0.04%
Published-07 Apr, 2026 | 21:27
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flatpak has a complete sandbox escape leading to host file access and code execution in the host context

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

Action-Not Available
Vendor-flatpakflatpakRed Hat, Inc.
Product-flatpakflatpakRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-27140
Matching Score-8
Assigner-Go Project
ShareView Details
Matching Score-8
Assigner-Go Project
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.01%
||
7 Day CHG+0.13%
Published-08 Apr, 2026 | 01:06
Updated-30 Jun, 2026 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

Action-Not Available
Vendor-Go toolchainGoRed Hat, Inc.
Product-gocmd/goRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat OpenShift Container Platform 4Red Hat OpenShift Virtualization 4Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)OpenShift Service Mesh 2OpenShift Service Mesh 3Red Hat OpenShift Container Platform 4.19
CWE ID-CWE-641
Improper Restriction of Names for Files and Other Resources
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-2651
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9||CRITICAL
EPSS-0.34% / 26.49%
||
7 Day CHG-0.02%
Published-25 May, 2026 | 06:00
Updated-29 Jun, 2026 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.

Action-Not Available
Vendor-lfprojectsmlflowRed Hat, Inc.
Product-mlflowmlflow/mlflowRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2026-2376
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.16% / 5.20%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 19:11
Updated-02 Jun, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxquaymirror_registrymirror registry for Red Hat OpenShiftmirror registry for Red Hat OpenShift 2Red Hat Quay 3
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-26232
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.82% / 52.86%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 21:10
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect in Jupyter Server

Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.

Action-Not Available
Vendor-jupyterjupyter
Product-jupyter_serverjupyter_server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-8948
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.42% / 33.80%
||
7 Day CHG+0.03%
Published-19 May, 2026 | 12:29
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Same-origin policy bypass in the DOM: Networking component

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2026-9086
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.42% / 33.75%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 16:16
Updated-01 Jul, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-Site Scripting (XSS) vulnerability allows for arbitrary code execution in the Keycloak origin when a victim clicks the crafted link, such as in the logout flow or the Admin Console.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23366
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.28%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 17:41
Updated-01 Jun, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.jboss.hal:hal-console: wildfly hal console cross-site scripting

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.

Action-Not Available
Vendor-Red Hat, Inc.
Product-hal_management_consoleRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Data Grid 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-8391
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.54%
||
7 Day CHG+0.08%
Published-12 May, 2026 | 12:36
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Other issue in the JavaScript Engine component

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-475
Undefined Behavior for Input to API
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-6658
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 3.23%
||
7 Day CHG-0.09%
Published-26 Jun, 2026 | 09:40
Updated-26 Jun, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) in jupyter/nbconvert

A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the `<pre>` tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export.

Action-Not Available
Vendor-jupyter
Product-jupyter/jupyter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4137
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.15% / 62.98%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 19:17
Updated-03 Aug, 2024 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: reflected xss attack

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onkeycloakenterprise_linuxRed Hat Single Sign-On 7.6 for RHEL 8Red Hat Single Sign-On 7.6 for RHEL 7Red Hat Single Sign-On 7.6 for RHEL 9Red Hat Single Sign-On 7
CWE ID-CWE-81
Improper Neutralization of Script in an Error Message Web Page
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13761
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-8||HIGH
EPSS-0.62% / 45.31%
||
7 Day CHG+0.05%
Published-09 Jan, 2026 | 10:04
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage.

Action-Not Available
Vendor-Red Hat, Inc.GitLab Inc.
Product-gitlabGitLabRed Hat OpenShift Container Platform 4OpenShift Pipelines
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-10044
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 20.82%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 19:59
Updated-19 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages (e.g., fake support phone numbers or URLs), which are displayed within the trusted Keycloak UI. This creates a phishing vector, potentially tricking users into contacting malicious actors.

Action-Not Available
Vendor-KeycloakRed Hat, Inc.
Product-keycloakRed Hat build of Keycloak 26.0Red Hat build of Keycloak 26.2Red Hat build of Keycloak 26.2.9Red Hat build of Keycloak 26.0.17
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25640
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.32% / 24.23%
||
7 Day CHG+0.05%
Published-06 Feb, 2026 | 20:01
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. In affected versions, the CDN URL is constructed using a version query parameter from the request URL. This parameter is not validated, allowing path traversal sequences that cause the server to fetch and serve attacker-controlled HTML/JavaScript from an arbitrary source on the same CDN, instead of the legitimate chat UI package. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling theft of chat history and other client-side data. This vulnerability only affects applications that use Agent.to_web to serve a chat interface and clai web to serve a chat interface from the CLI. These are typically run locally (on localhost), but may also be deployed on a remote server. This vulnerability is fixed in 1.51.0.

Action-Not Available
Vendor-pydanticpydanticRed Hat, Inc.
Product-pydantic_aipydantic-aiRed Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3344
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.47% / 70.66%
||
7 Day CHG~0.00%
Published-05 Feb, 2014 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spacewalk: spacewalk: cross-site scripting via uri in lookup login/password form

A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session.

Action-Not Available
Vendor-Red Hat, Inc.
Product-network_satellitespacewalkRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25896
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.45% / 35.69%
||
7 Day CHG-0.00%
Published-20 Feb, 2026 | 20:57
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.

Action-Not Available
Vendor-naturalintelligenceNaturalIntelligenceRed Hat, Inc.
Product-fast-xml-parserfast-xml-parserRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Developer Hub 1.8Self-service automation portal 2Red Hat Openshift Data Foundation 4Red Hat OpenShift Virtualization 4Red Hat Satellite 6Red Hat OpenShift GitOpsMigration Toolkit for Applications 8Red Hat Developer Hub 1.9Red Hat Advanced Cluster Security for Kubernetes 4.8
CWE ID-CWE-185
Incorrect Regular Expression
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2927
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.47% / 70.66%
||
7 Day CHG~0.00%
Published-05 Feb, 2014 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spacewalk: spacewalk and red hat network satellite: cross-site scripting vulnerability via search forms

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attackers to potentially steal sensitive information or perform actions on behalf of the victim.

Action-Not Available
Vendor-Red Hat, Inc.
Product-network_satellitespacewalkRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3205
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.42% / 33.81%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 19:19
Updated-03 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Controller: cross site scripting in automation controller ui

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_automation_platformRed Hat Ansible Automation Platform 1.2Red Hat Ansible Automation Platform 2
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4812
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.27% / 19.05%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 15:06
Updated-20 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Katello: potential cross-site scripting exploit in ui

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.

Action-Not Available
Vendor-katello_projectRed Hat, Inc.
Product-satellitekatelloRed Hat Satellite 6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-14862
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.99% / 78.21%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 14:18
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

Action-Not Available
Vendor-knockoutjsOracle CorporationRed Hat, Inc.
Product-knockoutprocess_automationbusiness_intelligencegoldengatedecision_managerknockout
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-14863
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-1.38% / 68.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 14:20
Updated-20 Nov, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

Action-Not Available
Vendor-Red Hat, Inc.AngularJS
Product-angularjsprocess_automationdecision_managerangular:
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35225
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-0.44% / 35.48%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 21:45
Updated-10 Apr, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jupyter Server Proxy has a reflected XSS issue in host parameter

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The `/proxy` endpoint accepts a `host` path segment in the format `/proxy/<host>`. When this endpoint is called with an invalid `host` value, `jupyter-server-proxy` replies with a response that includes the value of `host`, without sanitization [2]. A third-party actor can leverage this by sending a phishing link with an invalid `host` value containing custom JavaScript to a user. When the user clicks this phishing link, the browser renders the response of `GET /proxy/<host>`, which runs the custom JavaScript contained in `host` set by the actor. As any arbitrary JavaScript can be run after the user clicks on a phishing link, this issue permits extensive access to the user's JupyterLab instance for an actor. Patches are included in versions 4.2.0 and 3.2.4. As a workaround, server operators who are unable to upgrade can disable the `jupyter-server-proxy` extension.

Action-Not Available
Vendor-jupyterjupyterhubjupyterjupyterhub
Product-jupyter_server_proxyjupyter-server-proxyjupyter_server_proxy
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15125
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.93% / 56.39%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP.

Action-Not Available
Vendor-Red Hat, Inc.
Product-cloudforms_management_enginecloudforms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-28233
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.33% / 24.78%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 18:16
Updated-02 Sep, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing

JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.

Action-Not Available
Vendor-jupyterjupyterhubjupyterhub
Product-jupyterhubjupyterhubjupyterhub
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10146
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.66% / 47.09%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 14:47
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.

Action-Not Available
Vendor-dogtagpkiRed Hat, Inc.
Product-enterprise_linuxdogtagpkipki-core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10177
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 57.20%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 20:50
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users.

Action-Not Available
Vendor-Red Hat, Inc.
Product-cloudforms_management_engineCloudForms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1438
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.66% / 47.06%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 13:34
Updated-24 Sep, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: xss on impersonation under specific circumstances

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloakRed Hat Single Sign-On 7.6 for RHEL 7Red Hat Single Sign-On 7.6 for RHEL 9Red Hat Single Sign-On 7.6 for RHEL 8RHEL-8 based Middleware ContainersRed Hat Single Sign-On 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10215
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.53% / 71.73%
||
7 Day CHG+0.01%
Published-08 Oct, 2019 | 18:44
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.

Action-Not Available
Vendor-bootstrap-3-typeahead_projectRed Hat, Inc.
Product-bootstrap-3-typeaheadbootstrap3-typeahead.js
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22420
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 42.90%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:49
Updated-30 May, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored cross site scripting in Markdown Preview in JupyterLab

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.

Action-Not Available
Vendor-jupyterjupyterlabFedora Project
Product-jupyterlabfedoranotebookjupyterlab
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-8608
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.26% / 66.00%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 14:00
Updated-06 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_bpm_suitejboss_business_rules_management_systemBRMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50556
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.23% / 13.47%
||
7 Day CHG-0.12%
Published-22 Jun, 2026 | 15:38
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting (XSS) vulnerability exists in @angular/platform-server's DOM emulation dependency (domino) when serializing the content of <noscript> elements. When rendering dynamic text content inside a <noscript> element via template bindings (such as {{ value }} or [textContent]), the template engine expects the browser to render the content safely. Under Server-Side Rendering (SSR), domino is configured with scripting enabled, meaning <noscript> is treated as a raw-text element. However, domino's serializer completely omitted <noscript> from the list of raw-text elements requiring closing-tag escaping during DOM serialization. As a result, any occurrence of </noscript> in the bound dynamic text was never escaped under any circumstances. The unescaped closing tag was serialized directly into the output HTML (e.g. <noscript></noscript><script>alert(1)</script></noscript>). When parsed by a browser, it closes the <noscript> block early, allowing the injected <script> block to execute in the user's browser context, causing same-origin Cross-Site Scripting (XSS). This vulnerability is fixed in 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25.

Action-Not Available
Vendor-angularAngularJSRed Hat, Inc.
Product-angularjsangularRed Hat Fuse 7Red Hat Enterprise Linux 8
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10033
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 30.04%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:59
Updated-20 Nov, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aap-gateway: xss on aap-gateway

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxansible_developeransible_insideansible_automation_platformRed Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 9
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10234
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.65% / 46.72%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 13:17
Updated-11 Nov, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wildfly: wildfly vulnerable to cross-site scripting (xss)

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakjboss_enterprise_application_platformRed Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.4.23Red Hat Fuse 7Red Hat Single Sign-On 7.6 for RHEL 7Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat JBoss Enterprise Application Platform 8RHEL-8 based Middleware ContainersRed Hat Build of KeycloakRed Hat Single Sign-On 7.6 for RHEL 9Red Hat JBoss Data Grid 7Red Hat Single Sign-On 7.6 for RHEL 8
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 214
  • 215
  • Next
Details not found