
58 matches found

Positive Technologies
added 2026/05/13 12:0 a.m. · 5 views

PT-2026-40798

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...

5.8 AI score · 0.00065 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-28014

Malicious code in bioql PyPI...

8.1 CVSS · 5.8 AI score · 0.00711 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-28021

Malicious code in bioql PyPI...

6.1 CVSS · 5.6 AI score · 0.08071 EPSS
Exploits: 3 · References: 2
Positive Technologies
added 2025/08/12 12:0 a.m. · 3 views

PT-2025-32681 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16. Description: Hydra, a continuous integration service for Nix based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is...

7.1 CVSS · 7.5 AI score · 0.0005 EPSS
Exploits: 0 · References: 5
Veracode
added 2025/07/18 5:46 a.m. · 3 views

Arbitrary Code Injection

pyLoad-ng is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe JavaScript evaluation caused by insecure CAPTCHA processing logic that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially on the backend server...

9.8 CVSS · 7.3 AI score · 0.0107 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Vulnrichment
added 2025/06/10 12:10 a.m. · 2 views

CVE-2025-31325 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)

Due to a Cross-Site Scripting vulnerability in SAP NetWeaver ABAP Keyword Documentation, an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the...

5.8 CVSS · 5.5 AI score · 0.00367 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 3:19 a.m. · 2 views

CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...

8.1 CVSS · 6.9 AI score · 0.00711 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 2:51 a.m. · 3 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.1 CVSS · 7 AI score · 0.08071 EPSS
Exploits: 3 · References: 1
RedhatCVE
added 2025/05/22 9:17 p.m. · 3 views

CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 our last beta before v1.0.0 and was not noticed or documented. This allowed for any user to type...

10 CVSS · 6.8 AI score · 0.00758 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/21 6:44 p.m. · 8 views

CVE-2002-2060

Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images...

7.5 CVSS · 8.3 AI score · 0.05761 EPSS
Exploits: 0 · References: 1
NVD
added 2024/12/05 1:15 p.m. · 17 views

CVE-2024-6516

Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

9.3 CVSS · 0.03552 EPSS
Exploits: 7 · References: 1
CVE
added 2024/06/14 12:6 p.m. · 51 views

CVE-2024-36459

CVE-2024-36459 is a CRLF cross-site scripting issue identified in SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. Affected components are the Web Agent implementations for IIS and Domino; the vulnerability allows an attacker to execute arbitrary Javascript ...

8.4 CVSS · 7 AI score · 0.00322 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/06/14 12:6 p.m. · 24 views

CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser...

8.4 CVSS · 0.00322 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2023/05/30 8:15 p.m. · 1 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.1 CVSS · 6 AI score · 0.08071 EPSS
Exploits: 3 · References: 3
NVD
added 2023/05/30 8:15 p.m. · 8 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.1 CVSS · 5.5 AI score · 0.08071 EPSS
Exploits: 3 · References: 3
Prion
added 2023/05/30 8:15 p.m. · 29 views

Input validation

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

4.9 CVSS · 5.5 AI score · 0.08071 EPSS
Exploits: 3 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 2 views

PT-2023-19322 · Broadcom · Symantec Siteminder Webagent

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A user can supply malicious HTML and JavaScript code that will be executed in the client browser. Recommendations: At the moment, there is no information about a newer version that...

6.1 CVSS · 6.9 AI score · 0.08071 EPSS
Exploits: 3 · References: 7
CNNVD
added 2023/05/30 12:0 a.m. · 1 views

Broadcom Symantec SiteMinder Cross-Site Scripting Vulnerability

Broadcom Symantec SiteMinder is an identity provider and federation system from Broadcom, Inc. It provides access to web applications and portals. A security vulnerability exists in Broadcom Symantec SiteMinder version 12.52. An attacker could exploit this vulnerability to execute malicious HTML...

6.1 CVSS · 5.9 AI score · 0.08071 EPSS
Exploits: 3 · References: 4
Vulnrichment
added 2023/05/30 12:0 a.m. · 9 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.7 AI score · 0.08071 EPSS
Exploits: 3 · References: 2
F5 Networks
added 2023/02/21 6:55 p.m. · 291 views

K24383845: Bootstrap vulnerability CVE-2019-8331

Security Advisory Description: In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CVE-2019-8331. Impact: An attacker can inject a malicious script into a client browser. Additionally, an attacker can trick a user into running maliciou...

6.1 CVSS · 6.4 AI score · 0.01668 EPSS
Exploits: 1 · Affected Software: 15