Common Weakness Enumeration

CWE-116

Allowed-with-Review

Improper Encoding or Escaping of Output

Abstraction: Class · Status: Draft

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

610 vulnerabilities reference this CWE, most recent first.

CVE-2026-62184 (GCVE-0-2026-62184)

Vulnerability from cvelistv5 – Published: 2026-07-13 21:30 – Updated: 2026-07-14 22:03 X_Open Source
VLAI
Title
luci-app-banip Log Monitor IP Extraction Bypass
Summary
luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP address into the login username field, causing banIP to block the wrong target while the real attacker remains unblocked.
CWE
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
Impacted products
Vendor Product Version
openwrt luci-app-banip Affected: 0 , ≤ 0.11.1 (semver)
Unaffected: d9bbc372e29618a8807b693a1ccf6d0e42cd196c (git)
Create a notification for this product.
Date Public
2026-06-28 00:00
Credits
lujie (@lujiefsi)
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:github/openwrt/luci",
          "product": "luci-app-banip",
          "repo": "https://github.com/openwrt/luci",
          "vendor": "openwrt",
          "versions": [
            {
              "lessThanOrEqual": "0.11.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "d9bbc372e29618a8807b693a1ccf6d0e42cd196c",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lujie (@lujiefsi)"
        }
      ],
      "datePublic": "2026-06-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP address into the login username field, causing banIP to block the wrong target while the real attacker remains unblocked."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:03:46.298Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-r6hx-4f83-vp8m)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/openwrt/luci/security/advisories/GHSA-r6hx-4f83-vp8m"
        },
        {
          "name": "Patch Commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openwrt/luci/commit/d9bbc372e29618a8807b693a1ccf6d0e42cd196c"
        },
        {
          "name": "VulnCheck Advisory: luci-app-banip Log Monitor IP Extraction Bypass",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/luci-app-banip-log-monitor-ip-extraction-bypass"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "title": "luci-app-banip Log Monitor IP Extraction Bypass",
      "x_generator": {
        "engine": "vulncheck-endgame"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-62184",
    "datePublished": "2026-07-13T21:30:09.248Z",
    "dateReserved": "2026-07-13T16:36:32.094Z",
    "dateUpdated": "2026-07-14T22:03:46.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-59895 (GCVE-0-2026-59895)

Vulnerability from cvelistv5 – Published: 2026-07-08 16:09 – Updated: 2026-07-08 19:41
VLAI
Title
Hono: Server-Side XSS via JSX Escaping Bypass in cx() Utility
Summary
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class attribute during server-side rendering to break out of the attribute and inject arbitrary markup. This issue is fixed in version 4.12.27.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
Impacted products
Vendor Product Version
honojs hono Affected: >= 4.0.0, < 4.12.27
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-59895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T17:50:18.277447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T19:41:04.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hono",
          "vendor": "honojs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.12.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class attribute during server-side rendering to break out of the attribute and inject arbitrary markup. This issue is fixed in version 4.12.27."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T16:09:51.273Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/honojs/hono/security/advisories/GHSA-w62v-xxxg-mg59",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/honojs/hono/security/advisories/GHSA-w62v-xxxg-mg59"
        },
        {
          "name": "https://github.com/honojs/hono/commit/cd3f6f7194f0e5c9d4b26ae0cf232018d0f388fc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/honojs/hono/commit/cd3f6f7194f0e5c9d4b26ae0cf232018d0f388fc"
        },
        {
          "name": "https://github.com/honojs/hono/releases/tag/v4.12.27",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/honojs/hono/releases/tag/v4.12.27"
        }
      ],
      "source": {
        "advisory": "GHSA-w62v-xxxg-mg59",
        "discovery": "UNKNOWN"
      },
      "title": "Hono: Server-Side XSS via JSX Escaping Bypass in cx() Utility"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-59895",
    "datePublished": "2026-07-08T16:09:51.273Z",
    "dateReserved": "2026-07-07T16:40:07.983Z",
    "dateUpdated": "2026-07-08T19:41:04.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-59833 (GCVE-0-2026-59833)

Vulnerability from cvelistv5 – Published: 2026-07-09 22:17 – Updated: 2026-07-10 14:17
VLAI
Title
SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)
Summary
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored cross-site scripting in document export-preview and Bazaar package README render paths that can execute OS commands in the Electron desktop renderer. This issue is fixed in versions 3.7.1.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
Impacted products
Vendor Product Version
siyuan-note siyuan Affected: < 3.7.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-59833",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-10T14:15:26.840084Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-10T14:17:16.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "siyuan",
          "vendor": "siyuan-note",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.7.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute\u0027s dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored cross-site scripting in document export-preview and Bazaar package README render paths that can execute OS commands in the Electron desktop renderer. This issue is fixed in versions 3.7.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T22:17:05.933Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358"
        },
        {
          "name": "https://github.com/siyuan-note/siyuan/commit/ebe252e61fb93f258d083b9da0fa403679fdf94a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siyuan-note/siyuan/commit/ebe252e61fb93f258d083b9da0fa403679fdf94a"
        },
        {
          "name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1"
        }
      ],
      "source": {
        "advisory": "GHSA-97xv-3v84-h358",
        "discovery": "UNKNOWN"
      },
      "title": "SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-59833",
    "datePublished": "2026-07-09T22:17:05.933Z",
    "dateReserved": "2026-07-07T15:00:50.979Z",
    "dateUpdated": "2026-07-10T14:17:16.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-58487 (GCVE-0-2026-58487)

Vulnerability from cvelistv5 – Published: 2026-07-13 21:59 – Updated: 2026-07-13 21:59
VLAI
Title
HedgeDoc: Stored HTML injection via email local-part
Summary
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a specially crafted email address and inject arbitrary HTML into pages viewed by other users. HedgeDoc accepted RFC 5321 quoted-string local-parts in email addresses during registration. The local-part was then reused as the user's display name without escaping and rendered into HTML in multiple places, including publish and slide views as well as the collaborative editor. An attacker could break out of an HTML attribute and inject arbitrary markup into the page. While the deployed Content-Security-Policy prevented straightforward inline JavaScript execution, the injected HTML was still sufficient to alter page content and embed attacker-controlled resources such as cross-origin iframes. This issue was fixed in version 1.11.0.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
Vendor Product Version
hedgedoc hedgedoc Affected: < 1.11.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "hedgedoc",
          "vendor": "hedgedoc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.11.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a specially crafted email address and inject arbitrary HTML into pages viewed by other users. HedgeDoc  accepted RFC 5321 quoted-string local-parts in email addresses during registration. The local-part was then reused as the user\u0027s display name without escaping and rendered into HTML in multiple places, including publish and slide views as well as the collaborative editor. An attacker could break out of an HTML attribute and inject arbitrary markup into the page. While the deployed Content-Security-Policy prevented straightforward inline JavaScript execution, the injected HTML was still sufficient to alter page content and embed attacker-controlled resources such as cross-origin iframes. This issue was fixed in version 1.11.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T21:59:27.436Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6c2w-8w96-3pcv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6c2w-8w96-3pcv"
        }
      ],
      "source": {
        "advisory": "GHSA-6c2w-8w96-3pcv",
        "discovery": "UNKNOWN"
      },
      "title": "HedgeDoc: Stored HTML injection via email local-part"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-58487",
    "datePublished": "2026-07-13T21:59:27.436Z",
    "dateReserved": "2026-06-30T20:21:25.812Z",
    "dateUpdated": "2026-07-13T21:59:27.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-56379 (GCVE-0-2026-56379)

Vulnerability from cvelistv5 – Published: 2026-06-23 12:13 – Updated: 2026-07-15 00:42
VLAI
Title
ImageMagick - Command Injection via SVG Decoder
Summary
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-116 - Improper Encoding or Escaping of Output
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
Impacted products
Vendor Product Version
ImageMagick ImageMagick Affected: 0 , < 7.1.2-15 (semver)
Unaffected: 7.1.2-15 (semver)
Create a notification for this product.
ImageMagick ImageMagick Affected: 0 , < 6.9.13-40 (semver)
Unaffected: 6.9.13-40 (semver)
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:6.9.10.68-17.el7_9 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Date Public
2026-02-23 00:00
Credits
phenggeler
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56379",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T13:58:05.952386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T13:58:13.304Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "packageName": "ImageMagick",
            "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:6.9.10.68-17.el7_9",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "unknown",
            "packageName": "ImageMagick",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-06-23T12:13:05.492Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in ImageMagick. This command injection vulnerability in the SVG (Scalable Vector Graphics) decoder allows a remote attacker to craft malicious SVG files. When these files are processed, the injected Magick Vector Graphics (MVG) commands can execute, potentially leading to arbitrary code execution on the affected system."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T00:42:36.269Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-56379"
          },
          {
            "name": "RHBZ#2491700",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491700"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56379.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:32961"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:32961: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-23T13:01:13.843Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-06-23T12:13:05.492Z",
            "value": "Made public."
          }
        ],
        "title": "ImageMagick: ImageMagick: Arbitrary code execution via SVG decoder command injection",
        "workarounds": [
          {
            "lang": "en",
            "value": "Restrict ImageMagick processing capabilities via policy.xml, disabling the SVG coder and restricting delegates to prevent injection escalation to OS command execution. Enforce mandatory access control (SELinux/AppArmor) combined with seccomp syscall filtering to block execve. For systemd services, enable NoNewPrivileges, ProtectSystem=strict, ProtectHome=true, and PrivateDevices=true."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "lessThan": "7.1.2-15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "7.1.2-15",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "lessThan": "6.9.13-40",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "6.9.13-40",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1.2-15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.13-40",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "phenggeler"
        }
      ],
      "datePublic": "2026-02-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T14:07:01.497Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-xpg8-7m6m-jf56)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56"
        },
        {
          "name": "VulnCheck Advisory: ImageMagick - Command Injection via SVG Decoder",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/imagemagick-command-injection-via-svg-decoder"
        }
      ],
      "title": "ImageMagick - Command Injection via SVG Decoder",
      "x_generator": {
        "engine": "vulncheck-endgame"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-56379",
    "datePublished": "2026-06-23T12:13:05.492Z",
    "dateReserved": "2026-06-21T02:05:47.495Z",
    "dateUpdated": "2026-07-15T00:42:36.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-55659 (GCVE-0-2026-55659)

Vulnerability from cvelistv5 – Published: 2026-07-10 20:57 – Updated: 2026-07-13 16:01
VLAI
Title
Grist: XSS through unsafe value interpolation in server-rendered pages
Summary
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's name or description, set by a document editor, is rendered into the page that other users load when opening the document. On the OAuth2 end-of-flow page, the openerOrigin request parameter was reflected back into the served page. Injected script runs in the victim's Grist origin and can act through the authenticated session, reading or modifying data and changing sharing settings and access rules. A document editor could therefore escalate to owner-level access. This issue is fixed in version 1.7.15.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
Impacted products
Vendor Product Version
gristlabs grist-core Affected: < 1.7.15
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-55659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T16:01:16.076169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T16:01:23.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grist-core",
          "vendor": "gristlabs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.7.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document\u0027s name or description, set by a document editor, is rendered into the page that other users load when opening the document. On the OAuth2 end-of-flow page, the openerOrigin request parameter was reflected back into the served page. Injected script runs in the victim\u0027s Grist origin and can act through the authenticated session, reading or modifying data and changing sharing settings and access rules. A document editor could therefore escalate to owner-level access. This issue is fixed in version 1.7.15."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-10T20:57:39.281Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gristlabs/grist-core/security/advisories/GHSA-6qrq-h2h6-cw54",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gristlabs/grist-core/security/advisories/GHSA-6qrq-h2h6-cw54"
        },
        {
          "name": "https://github.com/gristlabs/grist-core/commit/4ced8064b7ea0e1763d5a6a2588b22774ce7efbc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gristlabs/grist-core/commit/4ced8064b7ea0e1763d5a6a2588b22774ce7efbc"
        },
        {
          "name": "https://github.com/gristlabs/grist-core/releases/tag/v1.7.15",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gristlabs/grist-core/releases/tag/v1.7.15"
        }
      ],
      "source": {
        "advisory": "GHSA-6qrq-h2h6-cw54",
        "discovery": "UNKNOWN"
      },
      "title": "Grist: XSS through unsafe value interpolation in server-rendered pages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-55659",
    "datePublished": "2026-07-10T20:57:39.281Z",
    "dateReserved": "2026-06-17T00:05:03.777Z",
    "dateUpdated": "2026-07-13T16:01:23.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-55570 (GCVE-0-2026-55570)

Vulnerability from cvelistv5 – Published: 2026-06-24 21:24 – Updated: 2026-06-25 13:49
VLAI
Title
SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)
Summary
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape ', <, or >), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover. This vulnerability is fixed in 3.7.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
Vendor Product Version
siyuan-note siyuan Affected: < 3.7.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-55570",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T13:49:21.857553Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T13:49:44.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "siyuan",
          "vendor": "siyuan-note",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape \u0027, \u003c, or \u003e), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover.  This vulnerability is fixed in 3.7.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-24T21:24:21.266Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x"
        }
      ],
      "source": {
        "advisory": "GHSA-x88j-wgpr-h22x",
        "discovery": "UNKNOWN"
      },
      "title": "SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375\u0027s patch)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-55570",
    "datePublished": "2026-06-24T21:24:21.266Z",
    "dateReserved": "2026-06-16T23:11:20.214Z",
    "dateUpdated": "2026-06-25T13:49:44.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54893 (GCVE-0-2026-54893)

Vulnerability from cvelistv5 – Published: 2026-07-06 14:04 – Updated: 2026-07-07 04:32
VLAI
Title
Email-derived URL path injection in the Swoosh Microsoft Graph adapter
Summary
URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path (/users/{from}/sendMail) without percent-encoding or validation. In applications that derive the from address from untrusted or user-influenced input (for example a relay, a contact form, or a "send as" feature), an attacker can place URL-special characters such as /, ?, or # in the local part of the address to escape the intended path segment and rewrite the path and query string of the request. Because the same authenticated POST is sent with the application's Microsoft Graph bearer token, the attacker can redirect it to other Graph endpoints within the token's scopes and control the request's query string. Applications that always use a fixed, trusted from address are not affected. This issue affects swoosh from 1.12.0 before 1.26.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
EEF
Impacted products
Vendor Product Version
swoosh swoosh Affected: 1.12.0 , < 1.26.3 (semver)
    cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*
Create a notification for this product.
swoosh swoosh Affected: 23bfcdab71aee4613858ba6d116bb3311b72aa58 , < e38235453e81d1727bfc8d91e69ec4cb211ccf61 (git)
    cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Peter Ullrich Po Chen Jonatan Männchen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T15:36:04.140981Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T15:36:16.097Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.hex.pm",
          "cpes": [
            "cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027"
          ],
          "packageName": "swoosh",
          "packageURL": "pkg:hex/swoosh",
          "product": "swoosh",
          "programFiles": [
            "lib/swoosh/adapters/ms_graph.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:deliver/2"
            },
            {
              "name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:api_endpoint_url/2"
            }
          ],
          "repo": "https://github.com/swoosh/swoosh",
          "vendor": "swoosh",
          "versions": [
            {
              "lessThan": "1.26.3",
              "status": "affected",
              "version": "1.12.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027"
          ],
          "packageName": "swoosh/swoosh",
          "packageURL": "pkg:github/swoosh/swoosh",
          "product": "swoosh",
          "programFiles": [
            "lib/swoosh/adapters/ms_graph.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:deliver/2"
            },
            {
              "name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:api_endpoint_url/2"
            }
          ],
          "repo": "https://github.com/swoosh/swoosh",
          "vendor": "swoosh",
          "versions": [
            {
              "lessThan": "e38235453e81d1727bfc8d91e69ec4cb211ccf61",
              "status": "affected",
              "version": "23bfcdab71aee4613858ba6d116bb3311b72aa58",
              "versionType": "git"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis vulnerability only affects applications that use \u003ctt\u003eSwoosh.Adapters.MsGraph\u003c/tt\u003e and derive the email \u003ctt\u003efrom\u003c/tt\u003e address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature). Applications that always send with a fixed, trusted \u003ctt\u003efrom\u003c/tt\u003e address are not affected.\u003c/p\u003e"
            }
          ],
          "value": "This vulnerability only affects applications that use Swoosh.Adapters.MsGraph and derive the email \"from\" address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature). Applications that always send with a fixed, trusted \"from\" address are not affected."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.26.3",
                  "versionStartIncluding": "1.12.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Peter Ullrich"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Po Chen"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jonatan M\u00e4nnchen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eURL path injection in the Microsoft Graph adapter of Swoosh. \u003ctt\u003eSwoosh.Adapters.MsGraph\u003c/tt\u003e builds its Microsoft Graph API request URL by interpolating the sender\u0027s email address into the URL path (\u003ctt\u003e/users/{from}/sendMail\u003c/tt\u003e) without percent-encoding or validation.\u003c/p\u003e\u003cp\u003eIn applications that derive the \u003ctt\u003efrom\u003c/tt\u003e address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature), an attacker can place URL-special characters such as \u003ctt\u003e/\u003c/tt\u003e, \u003ctt\u003e?\u003c/tt\u003e, or \u003ctt\u003e#\u003c/tt\u003e in the local part of the address to escape the intended path segment and rewrite the path and query string of the request. Because the same authenticated \u003ctt\u003ePOST\u003c/tt\u003e is sent with the application\u0027s Microsoft Graph bearer token, the attacker can redirect it to other Graph endpoints within the token\u0027s scopes and control the request\u0027s query string. Applications that always use a fixed, trusted \u003ctt\u003efrom\u003c/tt\u003e address are not affected.\u003c/p\u003e\u003cp\u003eThis issue affects swoosh from 1.12.0 before 1.26.3.\u003c/p\u003e"
            }
          ],
          "value": "URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender\u0027s email address into the URL path (/users/{from}/sendMail) without percent-encoding or validation.\n\nIn applications that derive the from address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature), an attacker can place URL-special characters such as /, ?, or # in the local part of the address to escape the intended path segment and rewrite the path and query string of the request. Because the same authenticated POST is sent with the application\u0027s Microsoft Graph bearer token, the attacker can redirect it to other Graph endpoints within the token\u0027s scopes and control the request\u0027s query string. Applications that always use a fixed, trusted from address are not affected.\n\nThis issue affects swoosh from 1.12.0 before 1.26.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-664",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-664 Server Side Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116 Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-07T04:32:26.465Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/swoosh/swoosh/security/advisories/GHSA-754j-98wh-57rf"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-54893.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-54893"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/swoosh/swoosh/commit/e38235453e81d1727bfc8d91e69ec4cb211ccf61"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Email-derived URL path injection in the Swoosh Microsoft Graph adapter",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eValidate or reject sender addresses that contain characters outside the allowed RFC 5321 set (in particular \u003ctt\u003e/\u003c/tt\u003e, \u003ctt\u003e?\u003c/tt\u003e, \u003ctt\u003e#\u003c/tt\u003e, and \u003ctt\u003e..\u003c/tt\u003e) before passing the email to the adapter. Alternatively, set a static \u003ctt\u003e:url\u003c/tt\u003e in the adapter configuration, which bypasses interpolation of the \u003ctt\u003efrom\u003c/tt\u003e address into the request path.\u003c/p\u003e"
            }
          ],
          "value": "Validate or reject sender addresses that contain characters outside the allowed RFC 5321 set (in particular /, ?, #, and ..) before passing the email to the adapter. Alternatively, set a static :url in the adapter configuration, which bypasses interpolation of the from address into the request path."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-54893",
    "datePublished": "2026-07-06T14:04:16.486Z",
    "dateReserved": "2026-06-16T10:47:13.915Z",
    "dateUpdated": "2026-07-07T04:32:26.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54699 (GCVE-0-2026-54699)

Vulnerability from cvelistv5 – Published: 2026-06-24 17:26 – Updated: 2026-06-25 13:18
VLAI
Title
Warp: OS command injection when opening terminal links from WSL
Summary
Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
Vendor Product Version
warpdotdev warp Affected: >= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T13:18:26.007037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T13:18:33.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "warp",
          "vendor": "warpdotdev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.2024.03.12.08.02.stable_01, \u003c 0.2026.05.13.09.15.stable_01"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-24T17:26:57.170Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4"
        },
        {
          "name": "https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e"
        }
      ],
      "source": {
        "advisory": "GHSA-xmw3-wj6r-48m4",
        "discovery": "UNKNOWN"
      },
      "title": "Warp: OS command injection when opening terminal links from WSL"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-54699",
    "datePublished": "2026-06-24T17:26:57.170Z",
    "dateReserved": "2026-06-15T22:58:06.562Z",
    "dateUpdated": "2026-06-25T13:18:33.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54287 (GCVE-0-2026-54287)

Vulnerability from cvelistv5 – Published: 2026-06-22 17:13 – Updated: 2026-06-22 17:36
VLAI
Title
Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
Summary
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes (for example Expires dates), clients cannot split the value back into individual cookies and silently drop or misparse them. This vulnerability is fixed in 4.12.25.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
Vendor Product Version
honojs hono Affected: < 4.12.25
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T17:36:53.535644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T17:36:59.514Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hono",
          "vendor": "honojs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.12.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes (for example Expires dates), clients cannot split the value back into individual cookies and silently drop or misparse them. This vulnerability is fixed in 4.12.25."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T17:13:14.947Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/honojs/hono/security/advisories/GHSA-j6c9-x7qj-28xf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/honojs/hono/security/advisories/GHSA-j6c9-x7qj-28xf"
        }
      ],
      "source": {
        "advisory": "GHSA-j6c9-x7qj-28xf",
        "discovery": "UNKNOWN"
      },
      "title": "Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-54287",
    "datePublished": "2026-06-22T17:13:14.947Z",
    "dateReserved": "2026-06-12T17:46:37.292Z",
    "dateUpdated": "2026-06-22T17:36:59.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-4.3
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.
  • Alternately, use built-in functions, but consider using wrappers in case those functions are discovered to have a vulnerability.
Mitigation MIT-27
Architecture and Design

Strategy: Parameterization

  • If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
  • For example, stored procedures can enforce database query structure and reduce the likelihood of SQL injection.
Mitigation
Architecture and Design Implementation

Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.

Mitigation
Architecture and Design

In some cases, input validation may be an important strategy when output encoding is not a complete solution. For example, you may be providing the same output that will be processed by multiple consumers that use different encodings or representations. In other cases, you may be required to allow user-supplied input to contain control information, such as limited HTML tags that support formatting in a wiki or bulletin board. When this type of requirement must be met, use an extremely strict allowlist to limit which control sequences can be used. Verify that the resulting syntactic structure is what you expect. Use your normal encoding methods for the remainder of the input.

Mitigation
Architecture and Design

Use input validation as a defense-in-depth measure to reduce the likelihood of output encoding errors (see CWE-20).

Mitigation
Requirements

Fully specify which encodings are required by components that will be communicating with each other.

Mitigation
Implementation

When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so.

CAPEC-104: Cross Zone Scripting

An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.

CAPEC-73: User-Controlled Filename

An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.

CAPEC-85: AJAX Footprinting

This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.