14 matches found
MAL-2025-36686 Malicious code in test-mlw2-zingy-viler (npm)
The package test-mlw2-zingy-viler was found to contain malicious code...
CVE-2023-36686
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions...
CVE-2021-36686
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
CVE-2023-36686
creationtimestamp | type | source
---|---|---
2023-08-06 02:11:58+00:00 | seen | https://t.me/cibsecurity/67820...
CVE-2023-36686
CartFlows Pro (WordPress) vulnerability CVE-2023-36686 is an unauthenticated, reflected XSS affecting versions <= 1.11.11; update to >= 1.11.12 to remediate the flaw. No exploitation details are provided in the sources; in-the-wild exploit status is not confirmed within the supplied documents.
WordPress CartFlows Pro Plugin <= 1.11.11 is vulnerable to Cross Site Scripting (XSS)
Software: CartFlows Pro; Type: Plugin; Vulnerable versions: <= 1.11.11; Fixed in: 1.11.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-36686; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: fde18e13d181; Credits: Rafie Muhammad...
CVE-2021-33237
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Consult IDs: CVE-2021-36686. Reason: This candidate is a duplicate of CVE-2021-36686. Notes: All CVE users should reference CVE-2021-36686 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2021-36686
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
CVE-2021-36686
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
CVE-2021-36686
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
CVE-2021-36686
CVE-2021-36686 is an XSS vulnerability in YMFE YApi 1.9.1, exploitable via the /interface/api edit page. The issue affects the web interface code path used to edit API definitions; the precise root cause is described as a Cross Site Scripting flaw. The CVE entry notes that PoC exploits exist (exp...
CVE-2022-36686
creationtimestamp | type | source
---|---|---
2022-08-29 18:34:25+00:00 | seen | https://t.me/cibsecurity/48976...
CVE-2022-36686
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=...
CVE-2022-36686
Ingredients Stock Management System v1.0 contains a SQL injection via the month parameter at /admin/?page=reports/stockin&month=, caused by insufficient validation of external input in the month parameter. This vulnerability is documented as CVE-2022-36686 with a CVSS v3.1 base score of 8.8 (HIGH...