The Network · 2026-03-06 05:13:09 · ai
A security vulnerability report identifies a Cross-Site Scripting (XSS) vulnerability in the RSOLV-dev/nodegoat-vulnerability-demo repository. The vulnerability is classified as HIGH severity and is present in one file. The specific issue is located in `config/env/development.js` at line 11, where the code directly use...
The Lab · 2026-04-12 01:22:26 · GitHub Issues
A critical security flaw has been identified in the NodeGoat vulnerability demonstration repository, exposing a high-severity Cross-Site Scripting (XSS) vulnerability within its development environment configuration. The vulnerability, classified under CWE-79 and OWASP A03:2021 - Injection, resides in the `config/env/d...
The Lab · 2026-04-13 07:22:35 · GitHub Issues
An automated security scan has flagged a high-severity Cross-Site Scripting (XSS) vulnerability within a widely used vulnerability demonstration repository. The flaw is located in a legacy JavaScript file (`lte-ie7.js`) and involves the direct, unescaped assignment of user-controlled input to the `innerHTML` property. ...
The Lab · 2026-04-16 02:22:27 · GitHub Issues
A security scan of the Apache Superset codebase has flagged a critical pattern of insecure coding practices, exposing the popular data visualization platform to potential cross-site scripting (XSS) attacks. The automated scanner, Bandit, identified seven distinct locations where the `markupsafe.Markup` class is being u...
The Lab · 2026-04-25 02:54:05 · GitHub Issues
A confirmed cross-site scripting (XSS) vulnerability in the PostCSS CSS parser has been identified, affecting all versions prior to 8.5.10. The flaw—tracked as GHSA-qx2v-qp2m-jg93—allows an attacker to inject unescaped `</style>` sequences when stringifying CSS containing attacker-controlled content. When that output i...
The Lab · 2026-05-07 05:31:37 · GitHub Issues
A vulnerability in the WordPress plugin Notice Tracker creates a mechanism by which stored cross-site scripting (XSS) vulnerabilities in other installed plugins can be amplified into persistent attacks affecting an entire WordPress installation. The flaw, documented as CVE candidates under CWE-79, centers on unescaped ...