19 matches found
PT-2026-24824
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
CVE-2026-3343
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...
EUVD-2024-53457
Malicious code in bioql PyPI...
EUVD-2024-53456
Malicious code in bioql PyPI...
CVE-2025-25330
Technical details are not publicly available in the provided documents. No specifics on affected components, root cause, or exploitability are disclosed. Monitor for updates from official sources.
CVE-2024-56953
An issue in Baidu China Co Ltd Baidu Input Method iOS version v12.6.13 allows attackers to access user information via supplying a crafted link...
CVE-2023-48591
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-20242
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to...
Casdoor Cross-Site Request Forgery Vulnerability
Casdoor is an open source Identity and Access Management (IAM)/Single Sign-On (SSO) platform with a Web UI that supports OAuth 2.0/OIDC and SAML authentication. A security vulnerability exists in Casdoor v1.331.0 and earlier versions that could allow an attacker to arbitrarily change a victim user's...
PT-2023-2591 · Cisco · Cisco Nexus Dashboard
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard (affected versions not specified). Description: The issue is related to the web-based management interface of Cisco Nexus Dashboard, where insufficient user input validation allows for cross-site scripting (XSS) attacks. An...
Mozilla: iframe allow-scripts sandbox bypass
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...
Cisco Webex Meetings Input Validation Error Vulnerability
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An open redirect vulnerability exists in the Web management interface of Cisco Webex Meetings. The vulnerability stems from improper validation of the input of URL parameters in an HTTP request. An attacker could explo...
Cisco Webex Meetings Cross-Site Scripting Vulnerability
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A cross-site scripting vulnerability exists in the API in Cisco Webex Meetings. The vulnerability stems from improper validation of user input provided to the application programming interface (API). An attacker could...
CVE-2020-3561
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to...
CVE-2019-12695
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an...
The vulnerability in the web interface of Cisco Enterprise Chat and Email Center allows a perpetrator to execute arbitrary code or disclose protected information.
The vulnerability in the web interface of Cisco Enterprise Chat and Email Center exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or disclose sensitive information through a specially create...
CVE-2019-1702
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...
Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability
Cisco Wireless LAN Controller (WLC) is a wireless LAN controller product from Cisco USA. The product provides security policy, intrusion detection and other functions in the wireless LAN. A cross-site scripting vulnerability exists in Cisco Wireless LAN Controller Software due to a web-based...
SAP NetWeaver Open Redirect Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An open redirection vulnerability exists in SAP NetWeaver. An attacker can exploit the vulnerability by executin...