103 matches found
CVE-2025-34266 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via plugin-config/addins/menus
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...
CVE-2025-34259 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/building
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...
EUVD-2019-7087
Malware in sbrugna...
EUVD-2021-11417
Malware in sbrugna...
EUVD-2021-2008
Malware in sbrugna...
EUVD-2020-17663
Malware in sbrugna...
CVE-2025-9487 Admin and Site Enhancements < 7.9.8 - Authenticated Stored XSS via SVG
The Admin and Site Enhancements ASE WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads...
CVE-2025-40696
CVE-2025-40696 affects Online Fire Reporting System v1.2 (PHPGurukul). The vulnerability is a stored authenticated XSS in /ofrs/reporting.php caused by insufficient validation of POST parameters fullname, location, and message. This could allow an authenticated attacker to craft input that steals...
CVE-2025-41053
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...
CVE-2025-41048
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/admin...
CVE-2025-41040
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...
CVE-2025-41058
appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/row_manager endpoint. The issue arises from improper validation of user input in the parameters data[Addon][layouts] and data[Addon][layouts_except], enabling an attacker to inject sc...
CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...
Linux Distros Unpatched Vulnerability : CVE-2016-2559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the format function in libraries/sql- parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1...
Linux Distros Unpatched Vulnerability : CVE-2017-6814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist...
Drupal GoogleTag Manager module < 1.10.0 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module GoogleTag Manager versions 1.10.0...
CVE-2025-52896 Frappe authenticated XSS via data import
Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting XSS. This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds f...
CVE-2023-47658
Auth. ShopManager+ Stored Cross-Site Scripting XSS vulnerability in actpro Extra Product Options for WooCommerce plugin = 3.0.3 versions...
CVE-2020-13980
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...
Drupal TacJS module < 6.7.0 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module TacJS versions 6.7.0...