VYPR

CWE-87

Improper Neutralization of Alternate XSS Syntax

Abstraction: Variant. Status: Draft.

Description

The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-199

CVEs mapped to this weakness (43)

page 1 of 3
  • CVE-2026-42235 (Critical, May 4, 2026)
    risk 0.62, CVSS 9.6, EPSS 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user…

  • CVE-2025-54369 (Critical, Jul 24, 2025)
    risk 0.53, CVSS n/a, EPSS 0.00

    Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different from the parts that are verified when checking the signature. This allows an…

  • CVE-2026-33510 (High, Apr 6, 2026)
    risk 0.50, CVSS 8.8, EPSS 0.00

    Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to redirect and router.push. An attacker…

  • CVE-2026-33506 (High, Mar 26, 2026)
    risk 0.50, CVSS 8.8, EPSS 0.00

    Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL…

  • CVE-2026-40321 (High, Apr 17, 2026)
    risk 0.45, CVSS 8.0, EPSS 0.08

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users.…

  • CVE-2026-22711 (Medium, Apr 7, 2026)
    risk 0.45, CVSS n/a, EPSS 0.00

    Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and…

  • CVE-2026-35534 (High, Apr 7, 2026)
    risk 0.42, CVSS 7.6, EPSS 0.00

    ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText() as an output sanitizer for HTML attribute context. The function only strips HTML tags; it does not…

  • CVE-2025-8561 (Medium, Oct 15, 2025)
    risk 0.42, CVSS 6.4, EPSS 0.00

    The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2024-4459 (Medium, Jun 6, 2024)
    risk 0.42, CVSS 6.4, EPSS 0.00

    The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2024-2618 (Medium, May 24, 2024)
    risk 0.42, CVSS 6.4, EPSS 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-3666 (Medium, May 22, 2024)
    risk 0.42, CVSS 6.4, EPSS 0.00

    The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping.…

  • CVE-2026-46492 (High, Jun 9, 2026)
    risk 0.40, CVSS 7.2, EPSS 0.00

    md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including…

  • CVE-2026-34598 (Medium, Apr 2, 2026)
    risk 0.40, CVSS 6.1, EPSS 0.00

    YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user…

  • CVE-2024-3519 (Medium, May 22, 2024)
    risk 0.40, CVSS 6.1, EPSS 0.00

    The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2025-55291 (High, Aug 18, 2025)
    risk 0.39, CVSS 7.1, EPSS 0.00

    Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This…

  • CVE-2024-32463 (High, Apr 17, 2024)
    risk 0.39, CVSS 7.1, EPSS 0.01

    phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The filter to detect and prevent the use of the `javascript:` URL scheme in the…

  • CVE-2026-54002 (High, Jun 18, 2026)
    risk 0.38, CVSS n/a, EPSS n/a

    TL;DR: This vulnerability affects Kirby sites and plugins that use the `writer` or `list` fields or that use `$dom->sanitize()`, `Sane::sanitize()`, `Sane\Html::sanitize()`, `Sane\Svg::sanitize()`, `Sane\Xml::sanitize()`, `Sane::sanitizeFile()` or…

  • CVE-2025-14732 (Medium, Apr 8, 2026)
    risk 0.35, CVSS 6.4, EPSS 0.00

    The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in all versions up to, and including, 3.35.5 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-2750 (Medium, May 2, 2024)
    risk 0.35, CVSS 6.4, EPSS 0.00

    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2026-42458 (Medium, May 15, 2026)
    risk 0.34, CVSS n/a, EPSS 0.00

    Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel ->…