128 matches found
Japan Total System多款产品 安全漏洞
Japan Total System GroupSession Free edition, among others, is an enterprise collaboration software from Japan Total System, a Japanese company. A security vulnerability exists in several Japan Total System products, which originates from unauthenticated WebSockets and may lead to the disclosure ...
Cross-site Scripting (XSS)
@lobehub/cha is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to unsafe SVG rendering due to SVGRenderer using dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...
EUVD-2020-27264
Malware in sbrugna...
EUVD-2013-2983
Malware in sbrugna...
EUVD-2004-1570
Malware in sbrugna...
EUVD-2021-11160
Malware in sbrugna...
EUVD-2012-0939
Malware in sbrugna...
EUVD-2017-14718
Malware in sbrugna...
EUVD-2020-28366
Malware in sbrugna...
EUVD-2004-2353
Malware in sbrugna...
EUVD-2015-6197
Malware in sbrugna...
EUVD-2022-30302
Malicious code in bioql PyPI...
EUVD-2024-49753
Malicious code in bioql PyPI...
EUVD-2025-1844
Malicious code in bioql PyPI...
EUVD-2023-49450
Malicious code in bioql PyPI...
EUVD-2025-1845
Malicious code in bioql PyPI...
EUVD-2022-33592
Malicious code in bioql PyPI...
CVE-2025-53354 NiceGUI is vulnerable to Reflected XSS attack
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting XSS when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...
NiceGUI has a Reflected XSS
Summary A Cross-Site Scripting XSS risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html. Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input with ui.html without...
Cross-site Scripting (XSS)
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.html or ui.chatmessage functions when unescaped user input is rendered directly into the DOM. An attacker can execute arbitrary...