Tag

Html-Injection

3 briefs RSS

CVE-2026-41611: Visual Studio Code XSS Vulnerability

CVE-2026-41611 is a cross-site scripting (XSS) vulnerability in Visual Studio Code that allows an attacker to execute code locally due to improper neutralization of script-related HTML tags.

Visual Studio Code cve xss visual-studio-code html-injection

2r 4t 1c May 12, 2026

high advisory

JupyterLab Command Execution via Crafted HTML Content

2 rules 1 TTP

JupyterLab's HTML sanitizer allows execution of arbitrary commands via specially crafted HTML content in notebooks or Markdown files due to improper handling of `data-commandlinker-command` and `data-commandlinker-args` attributes.

jupyterlab +1 command-execution html-injection

2r 1t May 7, 2026

medium advisory

GitLab Improper HTML Sanitization Vulnerability (CVE-2026-2995)

2 rules 2 TTPs

CVE-2026-2995 is a vulnerability in GitLab EE versions 15.4 to 18.10.1 where an authenticated user can add email addresses to other user accounts due to improper HTML sanitization, potentially leading to account takeover or information disclosure.

gitlab html-injection cve-2026-2995

2r 2t Mar 26, 2026