EUVD-2004-2259

Malware in sbrugna...

EUVD-2022-15911

Malicious code in bioql PyPI...

EUVD-2021-28037

Malicious code in bioql PyPI...

MAL-2025-27342 Malicious code in new-al-bum-av-ailable-15445-pieces-of-a-man-l0qbw-fjnero (npm)

The package new-al-bum-av-ailable-15445-pieces-of-a-man-l0qbw-fjnero was found to contain malicious code...

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

CVE-2024-46333

CVE-2024-46333: An authenticated XSS in Piwigo v14.5.0 allows injection of arbitrary web scripts/HTML via the Album Name field in Add Album. Affected component is the Album management flow; underlying cause is not detailed in the provided documents. Practical impact is limited to script execution...

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

CVE-2022-0873

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is...

WordPress plugin Gmedia Photo Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Gmedia Photo Gallerys plugin version 1.20.0 before version 1.20.0 has a cross-site scriptin...

CVE-2022-27428

A stored cross-site scripting XSS vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the albumname parameter...

GalleryCMS 跨站脚本漏洞

GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...

Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed https://youtu.be/kTMg65teTvU Create ...

Piwigo Cross-Site Scripting Vulnerability (CNVD-2021-101688)

Piwigo is a set of Web-based open source image library software. Piwigo has a cross-site scripting vulnerability in version 11.5.0, which stems from a lack of user-supplied data and output data validation filtering. An attacker could exploit this vulnerability to conduct XSS attacks via the syste...

Cross site scripting

A Cross Site Scripting XSS vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location...

Piwigo 跨站脚本漏洞

Piwigo is a set of Web-based open source image library software. Piwigo has a cross-site scripting vulnerability in version 11.5.0, which stems from a lack of user-supplied data and output data validation filtering. An attacker could exploit this vulnerability to conduct XSS attacks via the syste...

Synology Audio Station Cross-Site Scripting Vulnerability

Synology Audio Station is an audio manager from Synology, a Chinese company. A cross-site scripting vulnerability exists in Synology Audio Station version 5.1 before 5.1-2550 and version 5.4 before 5.4-2857. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML wi...

Synology Photo Station Cross-Site Scripting Vulnerability

Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology, a Chinese company. A cross-site scripting vulnerability exists in Synology Photo Station. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via...

CVE-2015-9102

Multiple cross-site scripting XSS vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the 1 album name, 2 file name of uploaded photos, 3 description of photos, or 4 tag of the photos...