Cross-Site Scripting Archives • Daily CyberSecurity

Multiple Security Flaws Fixed in Major Framework Release CVE-2024-22257 Spring security vulnerabilities, cross-site scripting, CVE-2026-41003, CVE-2026-40999, CVE-2026-40998

CVE-2024-22257 Spring security vulnerabilities, cross-site scripting, CVE-2026-41003, CVE-2026-40999, CVE-2026-40998

Multiple Security Flaws Fixed in Major Framework Release

Do Son June 12, 2026

The development groups responsible for maintaining the Java application ecosystem deployed critical updates. Several new patches fix...

Important Security Flaw Patched in Apache ECharts Library Apache ECharts XSS vulnerability

Important Security Flaw Patched in Apache ECharts Library

Do Son May 26, 2026

Apache ECharts is a free, powerful JavaScript charting and visualization library that developers use globally. Recently, security...

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form PrestaShop XSS Vulnerability CVE-2026-44212

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form

Do Son May 12, 2026

PrestaShop, the global open-source e-commerce powerhouse known for its highly customizable PHP architecture and responsive design, has...

Invisible Ink: Critical 9.6 CVSS jsPDF Flaw Turns Generated Documents into XSS Traps

Do Son March 19, 2026

A critical-severity vulnerability has been identified in jsPDF, the popular JavaScript library used by developers worldwide to...

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization

Do Son March 17, 2026

A significant security vulnerability has been unearthed in the Angular runtime and compiler, potentially exposing thousands of...

Industrial Alert: Critical Stored XSS Vulnerability Discovered in Siemens SIMATIC S7-1500 Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

Industrial Alert: Critical Stored XSS Vulnerability Discovered in Siemens SIMATIC S7-1500

Do Son March 11, 2026

A high-severity security flaw has been uncovered in the Siemens SIMATIC S7-1500 CPU family, a cornerstone of...

Critical 9.3 CVSS Flaw in SiYuan Lets Hackers Steal Private Notes via SVG Injection SiYuan XSS Vulnerability CVE-2026-29183

Critical 9.3 CVSS Flaw in SiYuan Lets Hackers Steal Private Notes via SVG Injection

Do Son March 9, 2026

Security researchers have disclosed a high-severity vulnerability in SiYuan, the popular privacy-first personal knowledge management system. The...

1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover

Do Son March 9, 2026

Security researchers have disclosed a high-severity vulnerability in ZITADEL, the popular open-source identity and access management (IAM)...

High-Severity XSS Flaw in Angular i18n Turns Language Files into Backdoors Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity XSS Flaw in Angular i18n Turns Language Files into Backdoors

Do Son March 3, 2026

A newly security flaw was found in the widely used Angular web building platform. Identified as CVE-2026-27970...

Death of the XSS Bug? Firefox 148 Debuts the Sanitizer API to Neutralize Malicious Scripts Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Death of the XSS Bug? Firefox 148 Debuts the Sanitizer API to Neutralize Malicious Scripts

Do Son February 25, 2026

Cross-site scripting (XSS) has haunted web developers for decades, consistently ranking as one of the most pervasive...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Total Takeover Threat: Critical IceWarp Flaws Trigger Emergency Server Patches

Do Son February 23, 2026

Enterprise email and collaboration platform IceWarp has issued a high-alert security update, urging its on-premises customers to...

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments

Do Son February 19, 2026

Maintainers of Jenkins, the world’s leading open-source automation server, have issued critical security updates to address two...

Critical OpenCode Flaws Let Websites Hijack Your PC OpenCode Vulnerability CVE-2026-22813

Critical OpenCode Flaws Let Websites Hijack Your PC

Do Son January 14, 2026

Two vulnerabilities were found in the open-source OpenCode agent that let attackers write malicious code directly onto...

Visualizations Weaponized: New Kibana Flaw Allows XSS Attacks via Vega Charts Kibana Vega XSS, Elastic Stack Security CVE-2024-37287 - Kibana security update

Kibana Vega XSS, Elastic Stack Security CVE-2024-37287 - Kibana security update

Visualizations Weaponized: New Kibana Flaw Allows XSS Attacks via Vega Charts

Do Son December 19, 2025

Elastic has issued important security updates for Kibana, the popular data visualization dashboard for the Elastic Stack,...

Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy

Do Son December 19, 2025

The maintainers of Roundcube Webmail, one of the world’s most widely used open-source email solutions, have issued...

High-Severity Angular Flaw (CVE-2025-66412) Allows Stored XSS via SVG and MathML Bypass Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity Angular Flaw (CVE-2025-66412) Allows Stored XSS via SVG and MathML Bypass

Do Son December 3, 2025

The maintainers of Angular, the popular platform for building mobile and desktop web applications, have released an...

GitLab Update: High-Severity XSS & Data Exposure Flaws Patched GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Update: High-Severity XSS & Data Exposure Flaws Patched

Do Son July 23, 2025

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing multiple vulnerabilities—including high-severity...

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release

Do Son July 18, 2025

Grafana Labs has released important security patches for multiple versions of its observability platform, addressing two significant...

Zoom Patches 6 Flaws: DoS, Info Disclosure & XSS Across All Platforms Zoom Security, Vulnerabilities CVE-2023-34120 Zoom outage, domain error

Zoom Patches 6 Flaws: DoS, Info Disclosure & XSS Across All Platforms

Do Son July 9, 2025

Zoom has rolled out a security update patching six newly disclosed vulnerabilities affecting its Workplace, Rooms, and...

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection Frappe Framework, Critical Vulnerabilities

Frappe Framework, Critical Vulnerabilities

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Do Son July 2, 2025

The Frappe Framework, a widely used full-stack application platform that powers ERPNext, has been found vulnerable to...

Critical Alert 1 Active Exploit Detected Today