87 matches found
Pi-hole Reflected XSS in 404-Error Page
Pi-hole Admin Interface ≤ 6.2.1 contains a reflected XSS vulnerability on the 404 error page. The URL path is reflected unsanitized into the class attribute of the body tag, allowing attribute injection via a crafted URL to execute arbitrary JavaScript in victim browsers. id: CVE-2025-53533 info:...
EUVD-2024-55061
Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...
CVE-2024-13992
Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...
CVE-2024-13992 Nagios XI < 2024R1.1 XSS via Missing Page / 404
Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...
CVE-2025-53533
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...
CVE-2025-53533
CVE-2025-53533 affects Pi-hole Admin Interface ≤ 6.2.1. It is a reflected XSS in the 404 page caused by including the requested path in the body tag’s class attribute without proper sanitization, enabling an attacker to craft a link with an onload attribute that executes arbitrary JavaScript in a...
CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...
EUVD-2017-1383
Malware in sbrugna...
EUVD-2017-16343
Malware in sbrugna...
EUVD-2022-4823
Malicious code in bioql PyPI...
PT-2025-39440
Name of the Vulnerable Software and Affected Versions: petstore version 1.0.7. Description: An issue allows a remote attacker to execute arbitrary code by accessing a non-existent endpoint /cart. The server responds with a 404-error page that reveals sensitive information, including the Servlet name...
CVE-2025-49322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...
CVE-2025-49322
CVE-2025-49322 affects the WordPress plugin 404 Page by SeedProd. It is a Stored XSS vulnerability in the page generation flow, exploitable only by authenticated attackers (Administrator+). Affected versions are up to 1.0.1; a fix is available in 1.0.2+ (upgrade recommended). CVSS v3.1 base score...
CVE-2025-49322 WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...
GHSA-WXM4-9F8P-GGGV Flowise Cross-site Scripting in /api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
GHSA-2JCH-QC96-9F5G Flowise Cross-site Scripting in api/v1/chatflows/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...
GHSA-858C-QXVX-RG9V Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...
Flowise Cross-site Scripting in /api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...