CVE-2025-11851 Apeman ID71 set_alias.cgi cross site scripting

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /setalias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

EUVD-2021-14761

Malware in sbrugna...

EUVD-2023-58930

Malicious code in bioql PyPI...

EUVD-2025-28829

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-28054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting XSS issue in Configuration Hosts allows remote authenticated...

CVE-2025-40707

Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVE-2025-40703

Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVE-2025-40703

Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVE-2025-40707 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH

Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVE-2025-9234

A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenanceevents.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2025-9234

A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenanceevents.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

Scada-LTS 安全漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A security vulnerability exists in Scada-LTS version 2.7.8.1 and earlier, which stems from an incorrect manipulation of the parameter Alias in the file maintenanceevents.shtm, resulting in a cross-site...

PT-2025-34136 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A vulnerability exists in Scada-LTS that allows for cross-site scripting XSS. The issue is related to the manipulation of the Alias argument within an unknown function of the maintenance...

Scada-LTS 代码注入漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which stems from improper manipulation of the alias parameter in the scheduledevents.shtm file, which could lead to a cross-site scriptin...

CVE-2025-55001

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the usernameasalias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

CVE-2025-55001

OpenBao OpenBao LDAP MFA enforcement bypass (CVE-2025-55001) affects version 2.3.1 and earlier. When username_as_alias=true is used with LDAP auth, the caller-supplied username is used verbatim, bypassing alias-specific MFA requirements and potentially exposing confidential data and keys. The iss...

PT-2025-32383 · Openbao · Openbao

Name of the Vulnerable Software and Affected Versions: OpenBao versions 2.3.1 and below Description: OpenBao allows the assignment of policies and MFA attribution based on entity aliases. When the username as alias=true parameter in the LDAP auth method is used, the supplied username is used...

CVE-2021-28054

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting XSS issue in "Configuration Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter...