CVE-2026-53473

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVE-2026-4293

The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...

CVE-2026-41468

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...

CVE-2026-41468

Beghelli Sicuro24 SicuroWeb uses AngularJS 1.5.2, an end-of-life component, which together with in-app template injection enables sandbox escape and arbitrary JavaScript execution in operator browser sessions. This can lead to session hijacking, DOM manipulation, and persistent browser compromise...

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

EUVD-2025-204366

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

CVE-2022-50680

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

PT-2025-49281

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

CVE-2025-42886

Due to a Reflected Cross-Site Scripting XSS vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in...

CVE-2023-53689

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting XSS vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly...

CVE-2023-53689 Nagios Fusion < 4.2.0 License Information Reflected XSS

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting XSS vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly...

EUVD-2023-53983

Malicious code in bioql PyPI...

EUVD-2023-58252

Malicious code in bioql PyPI...

PT-2025-37747

Name of the Vulnerable Software and Affected Versions: color-convert versions prior to 3.1.2 Description: The npm package color-convert was compromised through a phishing attack on the publishing account. A malicious version 3.1.1 was published containing a payload designed to redirect...

Exploit for Improper Input Validation in Mozilla Firefox

Full chain exploit for CVE-2019-11708 & CVE-2019-9810 This is a full browser compromise exploit chain CVE-2019-11708 & CVE-2019-9810 targeting Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 t...

CVE-2024-10727

A reflected cross-site scripting XSS vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute...

Design/Logic Flaw

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values...

CVE-2023-4093

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

Cross site scripting

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

Malicious code in seelnium (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 439c4046e46e9c31399bec0ec35d882c7678bb74ffb65721ed09b0b53a33f285 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...