Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow
Aikido's AI pentest agent found three XSS vulnerabilities in Mailcow, one of which let unauthenticated attackers take over administrator accounts. All issues have been patched as of version 2026-03b…
Read the full articleYou might also wanna read
CVE-2026-13234: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal AI (Artificial Intelligence)
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) al
CVE-2026-13231: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Advanced Content Feedback (aka admin_feedback)
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka
CVE-2026-15297: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in neeraj_slit Brevo – Email, SMS, Web Push, Chat, and more.
The Brevo WordPress plugin (formerly Sendinblue) for newsletter and email marketing is vulnerable to reflected cross-site scripting (XSS) vi
CVE-2026-3367: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lustmored Lockme calendars integration
The Lockme OAuth2 calendars integration plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability in multiple settings
CVE-2026-15298: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pechenki TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot
The TelSender WordPress plugin is vulnerable to a DOM-Based Cross-Site Scripting (XSS) flaw in all versions up to and including 1.14.14. Thi
CVE-2026-55464: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in grokability snipe-it
Snipe-IT versions prior to 8.6.2 contain a cross-site scripting (XSS) vulnerability due to improper sanitization of javascript: URIs in Mark
Comments
Sign in to join the conversation.
No comments yet. Be the first.