All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow

Aikido's AI pentest agent found three XSS vulnerabilities in Mailcow, one of which let unauthenticated attackers take over administrator accounts. All issues have been patched as of version 2026-03b…

Read the full article
2mo ago

You might also wanna read

CVE-2026-13234: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal AI (Artificial Intelligence)

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) al

radar.offseq.com·8h ago

CVE-2026-13231: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Advanced Content Feedback (aka admin_feedback)

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka

radar.offseq.com·8h ago

CVE-2026-15297: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in neeraj_slit Brevo – Email, SMS, Web Push, Chat, and more.

The Brevo WordPress plugin (formerly Sendinblue) for newsletter and email marketing is vulnerable to reflected cross-site scripting (XSS) vi

radar.offseq.com·1d ago

CVE-2026-3367: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lustmored Lockme calendars integration

The Lockme OAuth2 calendars integration plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability in multiple settings

radar.offseq.com·2h ago

CVE-2026-15298: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pechenki TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot

The TelSender WordPress plugin is vulnerable to a DOM-Based Cross-Site Scripting (XSS) flaw in all versions up to and including 1.14.14. Thi

radar.offseq.com·1d ago

CVE-2026-55464: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in grokability snipe-it

Snipe-IT versions prior to 8.6.2 contain a cross-site scripting (XSS) vulnerability due to improper sanitization of javascript: URIs in Mark

radar.offseq.com·11h ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.