CVE-2026-7660

creationtimestamp| type| source ---|---|--- 2026-05-28 11:40:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvwsbye3v2i...

ECHO-7660-37E3-26E2

Bulletin has no description...

CVE-2020-7660

creationtimestamp| type| source ---|---|--- 2026-02-27 14:50:40+00:00| published-proof-of-concept| https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-5c6j-r48x-rmvq 2026-05-19 01:47:50+00:00| seen| https://gist.github.com/joemocha/fe552c9601dc58c4f9731982ab0d1f8c...

MAL-2025-7660 Malicious code in @crabas0npm2/fuga-itaque-fugit (npm)

The package @crabas0npm2/fuga-itaque-fugit was found to contain malicious code...

CVE-2025-7660

creationtimestamp| type| source ---|---|--- 2025-07-18 09:24:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lua4thnefd27...

CVE-2025-7660 Map My Locations <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapmylocations' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Map My Locations plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Map My Locations versions = 1.1...

CVE-2024-7660 SourceCodester File Manager App Add File cross site scripting

A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can ...

CVE-2024-7660

SourceCodester File Manager App 1.0 contains a cross‑site scripting vulnerability in the Add File Handler. Manipulating the File Title/Uploaded By parameter can trigger XSS, with remote exploitation and a publicly disclosed exploit. Connected advisories do not specify the exact XSS type (reflecte...

CVE-2024-7660 SourceCodester File Manager App Add File cross site scripting

A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can ...

0x0.icu.anima (=0.1.0), 1.1.0 (=1.0.0) +15467 more potentially affected by CVE-2020-7660 via serialize-javascript (>=1.0.0 <=3.0.0)

serialize-javascript NPM version =1.0.0, =6.2.0, =0.1.0, =0.0.1, =2.0.0, =0.1.0, =1.0.1, =0.1.0, =0.24.0, =0.29.0 and more Source cves: CVE-2020-7660 Source advisory: OSV:GHSA-HXCC-F52P-WC94...

RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana (RHSA-2020:2861)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2861 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh servicemesh-grafana security update

An update for servicemesh-grafana is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2020-7660

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

CVE-2020-7660

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

CVE-2020-7660

CVE-2020-7660 affects the serialize-javascript package prior to 3.1.0, where the function named deleteFunctions in index.js can be abused by a remote attacker to inject arbitrary code. The vulnerability enables remote code execution with network access and no authentication, with potential for hi...

@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)

serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...

CVE-2019-7660

PHPMyWind 5.5 is affected by a stored XSS in the username parameter of /install/index.php (as described by CVE-2019-7660). The issue is demonstrated via admin/login.php. Multiple sources (NVD/CNVD/CVE listings) confirm the vulnerability and its basic details; no specifics about mitigations or pat...

CVE-2018-7660

Affected product : OpenText Documentum D2 Webtop v4.6.0030 build 059. Vulnerability : Reflected Cross-Site Scripting (XSS) via the servlet/Download _docbase or _username parameter. Root cause / impact : XSS could allow an attacker to potentially compromise the affected system; exploitation detail...

CVE-2017-7660

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...