39 matches found
CVE-2023-40812
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field...
EUVD-2020-29001
Malware in sbrugna...
EUVD-2023-42123
Malicious code in bioql PyPI...
EUVD-2023-2861
Malicious code in bioql PyPI...
EUVD-2025-29211
Malicious code in bioql PyPI...
CVE-2025-52344
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allow attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...
PT-2025-37729
Name of the Vulnerable Software and Affected Versions: Explorance Blue version 8.1.2 Description: Explorance Blue version 8.1.2 contains multiple Cross Site Scripting (XSS) vulnerabilities in input fields. These vulnerabilities allow attackers to inject arbitrary JavaScript code into a user’s browser...
Exploit for Code Injection in Formtools Form_Tools
Form-Tools-3.1.1-RCE CVE-2024-22722 RCE via SSTI Automation wi...
CVE-2020-8089
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the grouplist page...
Webmin < 2.100 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability exists in the Users Real name parameter. - A Cross-Site Scripting (XSS) vulnerability exists in...
Cross-site Scripting (XSS)
Overview: camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to WordPress. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the content group name field. An attacker can execute arbitrary scripts or commands by...
CVE-2024-22722
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...
CVE-2024-22722
CVE-2024-22722 is a Server-Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1. Affected component is the form-creation workflow, specifically the Group Name field under Add Forms, where SSTI can lead to arbitrary command execution. Publicly available exploit(s) exist: a GitHub proje...
PT-2024-19542
Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A Server Side Template Injection (SSTI) issue allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. Recommendations: For Form Tools version 3.1.1,...
CVE-2024-2179
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit t...
Input validation
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit t...
PT-2024-19058 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.6 Description: The issue is related to insufficient validation of administrator-provided data for the Name field of a Group type, allowing a rogue administrator to inject malicious code, which might be...
GHSA-3G79-J8HQ-R4XV Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field...