Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
21 articles

#XSS

All CosmicBytez Labs articles tagged #XSS, across news, security advisories, how-to guides, and projects.

  • NewsJul 11, 2026

    Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

    A critical stored XSS vulnerability in Zimbra's Classic Web Client allows attackers to deliver specially crafted emails that execute arbitrary code within...

  • SecurityJul 11, 2026

    CVE-2026-55879: OpenReplay Stored XSS Enables Dashboard Account Takeover

    A critical stored XSS vulnerability in OpenReplay's session replay SDK allows unauthenticated attackers to inject malicious scripts via the public...

  • NewsJul 10, 2026

    Zimbra Urges Customers to Patch Critical Web Client XSS Flaw Exploited in the Wild

    CVE-2025-27915, a stored XSS vulnerability in Zimbra's Classic Web Client, was exploited as a zero-day before public disclosure. Attackers used malicious...

  • SecurityJul 10, 2026

    CVE-2026-2342: ValeApp Stored Cross-Site Scripting (CVSS 9.3)

    A critical stored XSS vulnerability in OceanicSoft's ValeApp allows attackers to inject persistent JavaScript payloads that execute in every victim's...

  • SecurityJun 16, 2026

    CVE-2016-20066: WordPress CP Polls Persistent XSS via File Upload

    WordPress CP Polls plugin version 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through...

  • SecurityJun 14, 2026

    CVE-2026-5513: Bookly WordPress Plugin Stored XSS via Cookie

    The Bookly scheduling plugin for WordPress contains a stored cross-site scripting vulnerability in versions up to 27.2, allowing unauthenticated attackers...

  • SecurityJun 13, 2026

    CVE-2026-44990: sanitize-html XMP Element XSS Bypass (CVSS 9.3)

    sanitize-html versions prior to 2.17.4 allow attacker-controlled content inside a disallowed xmp element to render as live HTML, enabling stored XSS.

  • SecurityJun 12, 2026

    CVE-2026-10087: GitLab EE Stored XSS via Developer Role

    GitLab EE versions 17.1 through 19.x are affected by a stored cross-site scripting vulnerability (CVSS 8.7) that allows an authenticated developer to...

  • SecurityJun 4, 2026

    CVE-2026-36748: High-Severity Stored XSS in RockRMS via Social Media Profile Links

    RockRMS versions up to v16.13 are vulnerable to a CVSS 9.0 stored cross-site scripting flaw that allows attackers to inject malicious scripts through social…

  • SecurityJun 3, 2026

    CVE-2026-42849: authentik Critical XSS in AutosubmitStage (CVSS 9.3)

    A critical cross-site scripting vulnerability in authentik's Simple Flow Executor AutosubmitStage allows attackers to execute arbitrary JavaScript via a…

  • NewsMay 18, 2026

    Microsoft Exchange Zero-Day Under Attack, No Patch Available

    A zero-day XSS vulnerability in Microsoft Exchange Server (CVE-2026-42897) is being actively exploited in the wild, allowing attackers to compromise...

  • SecurityMay 15, 2026

    CVE-2026-44212: PrestaShop Stored XSS in Customer Service

    A stored Cross-Site Scripting vulnerability (CVSS 9.3) in PrestaShop's back-office Customer Service view allows unauthenticated attackers to inject...

  • SecurityMay 12, 2026

    CVE-2025-61311: Reflected XSS in docuForm Managed Print

    A reflected cross-site scripting vulnerability in the dfm-menu_alerts.php component of GmbH Mecury docuForm v11.11c allows attackers to execute arbitrary...

  • SecurityMay 3, 2026

    CVE-2026-5324: WordPress Brizy Page Builder Unauthenticated

    The Brizy Page Builder plugin for WordPress contains a critical unauthenticated Stored Cross-Site Scripting flaw in versions up to 2.8.11, enabling...

  • NewsApr 26, 2026

    Over 10,000 Zimbra Servers Vulnerable to Ongoing XSS Attacks

    CISA has confirmed that a cross-site scripting vulnerability in Zimbra Collaboration Suite is being actively exploited in the wild, with over 10,000...

  • SecurityApr 24, 2026

    Hackage Haskell Repository Stored XSS Enables Credential

    A critical stored XSS vulnerability in hackage-server allows HTML and JavaScript files uploaded via source packages or documentation to execute in...

  • SecurityApr 17, 2026

    CVE-2026-40322: SiYuan XSS via Mermaid innerHTML Injection

    SiYuan knowledge management versions 3.6.3 and below render Mermaid diagrams with loose security, allowing attacker-controlled javascript: URLs to execute...

  • SecurityApr 11, 2026

    CVE-2026-31845: Rukovoditel CRM Reflected XSS in Zadarma

    Rukovoditel CRM versions 3.6.4 and earlier contain a critical reflected XSS vulnerability in the Zadarma telephony API endpoint. The application reflects...

  • SecurityMar 17, 2026

    CVE-2015-20118: Stored XSS in RealtyScript 4.0.2 Admin

    A stored cross-site scripting vulnerability in RealtyScript 4.0.2 allows attackers to inject malicious JavaScript via the location_name parameter in the...

  • SecurityMar 16, 2026

    CVE-2015-20115: RealtyScript 4.0.2 Stored XSS via File

    CVE-2015-20115 is a stored cross-site scripting vulnerability in RealtyScript 4.0.2 that allows authenticated attackers to upload malicious script files...

  • SecurityMar 8, 2026

    ZITADEL Critical XSS in SAML Endpoint Enables 1-Click

    A critical cross-site scripting vulnerability in ZITADEL's login V2 /saml-post endpoint allows unauthenticated attackers to execute arbitrary JavaScript...