860 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-2986

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.1 | EPSS 0.00061
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-4892

Malicious code in bioql PyPI...

CVSS 3.5 | AI score 9.2 | EPSS 0.00219
Exploits 1 | References 7
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-34456

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00089
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-40803

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00361
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-49684

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00629
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-1264

Malicious code in bioql PyPI...

CVSS 9 | AI score 8.8 | EPSS 0.11017
Exploits 1 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3757

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 9.2 | EPSS 0.0181
Exploits 0 | References 16
CNNVD
added 2025/09/08 12:0 a.m. | 2 views

Vite Access Control Error Vulnerability

Vite is a new front-end build tool from Vite Open Source. An access control error vulnerability exists in Vite versions prior to 7.1.5, prior to 7.0.7, prior to 6.3.6, and prior to 5.4.20, which stems from explicitly exposing the Vite development server to the network resulting in arbitrary HTML...

CVSS 5.3 | AI score 6.4 | EPSS 0.00027
Exploits 1 | References 6
NVD
added 2025/07/14 11:15 p.m. | 4 views

CVE-2025-53835

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...

CVSS 9 | EPSS 0.03849
Exploits 0 | References 3
OSV
added 2025/07/03 9:38 p.m. | 3 views

GHSA-P85Q-MWW9-GWQF Citizen Short Description stored XSS vulnerability through wikitext

Summary Short descriptions are not properly sanitized by the ShortDescription before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details The description provided by the user via the SHORTDESC: parser function is...

CVSS 8.6 | AI score 6.1 | EPSS 0.00363
Exploits 0 | References 4
OSV
added 2025/07/03 9:29 p.m. | 2 views

GHSA-PRMV-7R8C-794G Citizen vulnerable to Stored XSS through short descriptions

Summary Short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details The shortdesc property, which contains unsanitized user input, is retrieved from the OutputPage and...

CVSS 8.6 | AI score 6.1 | EPSS 0.0017
Exploits 1 | References 6
NVD
added 2025/07/03 8:15 p.m. | 2 views

CVE-2025-53370

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page...

CVSS 8.6 | EPSS 0.0017
Exploits 1 | References 3
Cvelist
added 2025/07/03 7:45 p.m. | 6 views

CVE-2025-53370 Citizen stored XSS vulnerability through short descriptions

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page...

CVSS 8.6 | EPSS 0.0017
Exploits 1 | References 3
Vulnrichment
added 2025/07/01 2:56 a.m. | 2 views

CVE-2025-5967

A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data...

CVSS 5.3 | AI score 6 | EPSS 0.00095
Exploits 0 | References 1
RedhatCVE
added 2025/06/29 6:5 p.m. | 7 views

CVE-2025-53093

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...

CVSS 8.6 | AI score 7.2 | EPSS 0.00488
Exploits 0 | References 1
OSV
added 2025/06/27 5:43 p.m. | 3 views

CVE-2025-53093 TabberNeue vulnerable to Stored XSS through wikitext

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...

CVSS 8.6 | AI score 6.6 | EPSS 0.00488
Exploits 0 | References 8
Github Security Blog
added 2025/06/27 3:1 p.m. | 7 views

filebrowser allows Stored Cross-Site Scripting through the Markdown preview function

Summary The Markdown preview function of File Browser v2.32.0 is vulnerable to Stored Cross-Site-Scripting XSS. Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser Impact A user can upload a malicious Markdown file to the application which can...

CVSS 7.6 | AI score 6.3 | EPSS 0.00105
Exploits 1 | References 6 | Affected Software 2
OpenVAS
added 2025/06/20 12:0 a.m. | 4 views

MediaWiki >= 2.4.2 < 3.3.1 Multiple Vulnerabilities

MediaWiki is prone to multiple vulnerabilities. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00202
Exploits 2 | References 2
Veracode
added 2025/06/19 2:54 a.m. | 2 views

HTML Injection

starcitizentools/citizen-skin is vulnerable to HTML Injection. The vulnerability is due to improper handling and lack of sanitization of user-editable messages that are directly rendered as HTML, allows an attacker to inject arbitrary HTML into the DOM...

CVSS 6.5 | AI score 6.4 | EPSS 0.00156
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2025/06/19 12:8 a.m. | 3 views

CVE-2025-45878

A cross-site scripting XSS vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVSS 6.1 | AI score 5.9 | EPSS 0.00166
Exploits 0 | References 1