MAL-2025-38972 Malicious code in web-i18 (npm)

The package web-i18 was found to contain malicious code...

CVE-2024-38972

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/...

CVE-2024-38972

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/...

CVE-2022-38972

CVE-2022-38972 is a cross-site scripting vulnerability in the Movable Type plugin A-Form . Affected versions are: prior to 4.1.1 for Movable Type 7 Series, and prior to 3.9.1 for Movable Type 6 Series. The flaw lets a remote, unauthenticated attacker inject arbitrary scripts into users’ browsers....

CVE-2022-38972

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...

CVE-2021-38972

creationtimestamp| type| source ---|---|--- 2021-11-12 18:38:59+00:00| seen| https://t.me/cibsecurity/32307...

CVE-2021-38972

The CVE-2021-38972 issue affects IBM Security Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager. The root cause is improper or insufficient input validation in TKLM when handling input/data, as described in IBM’s advisory. Affected versions are TKLM/Guardium KLM 3.0 (up...