114 matches found
CVE-2025-13232
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
EUVD-2025-197711
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
CVE-2025-13232
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
CVE-2025-13232
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
CVE-2025-13232 projectsend File Editor/Custom Download Aliases cross site scripting
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
CVE-2025-13232
CVE-2025-13232 affects ProjectSend up to r1720, specifically the File Editor/Custom Download Aliases component. The issue is a cross-site scripting vulnerability arising from manipulation of an unknown function within that component, enabling remote exploitation. Public exploit exists and has bee...
CVE-2025-13232 projectsend File Editor/Custom Download Aliases cross site scripting
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
PT-2025-47065
Name of the Vulnerable Software and Affected Versions ProjectSend versions prior to r1945 Description A cross-site scripting issue exists in ProjectSend up to version r1720. The flaw is located within the File Editor/Custom Download Aliases component and involves an unknown function. This...
ProjectSend 代码注入漏洞
ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A code injection vulnerability exists in ProjectSend r1720 and earlier versions, which stems from a misbehavior of the component File Editor/Custom Download Aliases and could lead to cross-si...
EUVD-2017-16560
Malware in sbrugna...
EUVD-2012-4039
Malware in sbrugna...
EUVD-2020-2577
Malware in sbrugna...
EUVD-2024-43720
Malicious code in bioql PyPI...
EUVD-2025-2984
Malicious code in bioql PyPI...
EUVD-2023-45168
Malicious code in bioql PyPI...
MAL-2025-47217 Malicious code in @crowdstrike/logscale-file-editor (npm)
Suspicious postinstall script executing bundle.js and YARA rule match for excessive bitwise math indicate likely malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c0f2b92ed507c0c5be3665db16bf307e19440b594539d07854669c027545b6c Any computer that ha...
Malicious code in @crowdstrike/logscale-file-editor (npm)
Suspicious postinstall script executing bundle.js and YARA rule match for excessive bitwise math indicate likely malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c0f2b92ed507c0c5be3665db16bf307e19440b594539d07854669c027545b6c Any computer that ha...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
CVE-2025-54544
QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...
CVE-2025-54544
Product affected: QuickCMS. Vulnerability: Stored XSS via the aDirFilesDescriptions parameter in the files editor. Impact: Malicious HTML/JS can be injected and executed when visiting the edited page. Prerequisites: Attacker must have admin privileges. Evidence from sources: Only version 6.8 was ...