3225 matches found
EUVD-2024-52771
Malicious code in bioql PyPI...
EUVD-2023-26966
Malicious code in bioql PyPI...
EUVD-2023-54647
Malicious code in bioql PyPI...
EUVD-2023-42644
Malicious code in bioql PyPI...
EUVD-2022-27734
Malicious code in bioql PyPI...
EUVD-2022-33154
Malicious code in bioql PyPI...
EUVD-2023-28482
Malicious code in bioql PyPI...
GHSA-HG3J-6PMH-MVJR Fiora chat user avatar is vulnerable to XSS via SVG files
Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users...
CVE-2025-56514
Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users...
CVE-2025-56514
Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users...
CVE-2025-56515
CVE-2025-56515 affects Fiora chat application 1.0.0. The issue is in the user avatar SVG upload: content is not validated, allowing SVGs with foreignObject, iframe elements and JavaScript event handlers (e.g., onmouseover) to be uploaded and stored. When rendered, these SVGs execute arbitrary Jav...
PT-2025-40248
Name of the Vulnerable Software and Affected Versions Fiora chat application version 1.0.0 Description A Cross Site Scripting XSS issue exists in the Fiora chat application. The application allows the execution of arbitrary JavaScript code when malicious SVG files are rendered by other users...
PT-2025-40285
Name of the Vulnerable Software and Affected Versions Codazon Magento Themes versions 1.1.0.0 through 2.4.7 Description A reflected cross-site scripting XSS issue exists in Codazon Magento Themes. This allows attackers to execute arbitrary Javascript within a user's browser by injecting a crafted...
CVE-2025-57483
A reflected cross-site scripting XSS vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the vulnerable parameter...
CVE-2025-57874
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
PT-2025-39965
Name of the Vulnerable Software and Affected Versions PAD CMS affected versions not specified Description PAD CMS is susceptible to Reflected Cross-Site Scripting XSS in the printing and save to PDF features. An attacker can create a specially crafted URL that, when opened by a user, leads to the...
CVE-2025-57769 FressRSS: Clickjacking can lead to XSS and/or privilege escalation
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...
CVE-2025-35034 Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portletuserid' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...
CVE-2025-57875
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57874
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...