85 matches found
CVE-2019-25312
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...
CVE-2019-25312 InoERP 0.7.2 - Persistent Cross-Site Scripting
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...
CVE-2019-25312
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...
inoERP 跨站脚本漏洞
inoERP is an open-source enterprise management system developed by Nishit as a personal project. Version 0.7.2 of inoERP contains a cross-site scripting vulnerability. This vulnerability stems from the comment section, where stored cross-site scripts may allow unverified attackers to inject...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
EUVD-2026-2716
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
PT-2026-3113
Name of the Vulnerable Software and Affected Versions Anycomment version 0.4.4 Description A Cross Site Scripting issue exists in Anycomment. This allows a remote attacker to execute arbitrary code through the Anycomment comment section. Recommendations At the moment, there is no information abou...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
AnyComment security vulnerability
AnyComment is an embedded comment system tool developed by the Russian company AnyComment. Version 0.4.4 of AnyComment contains a security vulnerability; this vulnerability arises from the lack of input cleaning in the comment section, which may lead to cross-site scripting attacks...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
CVE-2025-67025: Cross Site Scripting in Anycomment (anycomment.io) version 0.4.4 allows a remote attacker to run arbitrary code via the comment section. Affected product is Anycomment.io; root cause is XSS in the comment handling. Documented impact is execution of arbitrary code; no patch/version...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
EUVD-2021-0485
Malware in sbrugna...
EUVD-2003-1536
Malware in sbrugna...
EUVD-2018-10628
Malware in sbrugna...
EUVD-2022-45103
Malicious code in bioql PyPI...
CVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...