ruby-web-vulnerability-tester
ruby-web-vulnerability-tester 🔎 Ruby Web Application Vulnera...
CVE-2021-47699
Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page's Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...
EUVD-2005-4269
Malware in sbrugna...
EUVD-2012-0708
Malware in sbrugna...
EUVD-2021-25047
Malware in sbrugna...
CVE-2025-29192
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
GHSA-WQ95-WR7M-26H4 Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7r4h-vmj9-wg42. This link is maintained to preserve external references. Original Description: Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
CVE-2025-29192
FlowiseAI Flowise prior to 3.0.5 is vulnerable to Cross-Site Scripting (XSS) via FORM and INPUT elements in the chat log when viewed by an admin. The issue is consistently described across sources as a stored XSS variant introduced by insufficient sanitization of chat-log form fields. Affected so...
EUVD-2025-29844
Malicious code in bioql PyPI...
EUVD-2024-19715
Malicious code in bioql PyPI...
CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Objection
The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via a form field, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2021-38607
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...
CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...