md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the conte

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Open WebUI 是一个自托管的人工智能平台，设计为完全离线运行。在版本 0.9.3 之前，其频道 webhook 创建/更新流程接受任意的 profile_image_url 值，包括 data:image/svg+xml;base64,... 负载。随后，头像图片端点会解码并提供此 SVG 作为 image/svg+xml 类型，但未进行清理，导致攻击者控制的脚本处理器（例如 onload）在浏览器中打开头像图片 URL 时执行。这是一个存储型 XSS 漏洞，攻击者可以通过构造恶意的 SVG 图片 URL 实现任意 JavaScript 执行。受影响版本为所有低于 0.9.3 的 Open WebUI 实例。修复版本为 0.9.3，建议用户立即升级。此外，作为临时缓解措施，可以限制对 webhook 创建/更新端点的网络访问，或实施输入验证以阻止 data: 协议和 SVG 内容。

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel -> System -> Import/Export -> Dataflow - Profiles. This vulnerability is fixed in 20.18.0.

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrar

## Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and