451 matches found
EUVD-2022-2530
Malicious code in bioql PyPI...
EUVD-2022-0630
Malicious code in bioql PyPI...
EUVD-2022-3053
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the related asset selector. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into the First Name, Middle Name, or Last Name text fields. Details: Cross-sit...
Linux Distros Unpatched Vulnerability : CVE-2024-45699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection o...
Linux Distros Unpatched Vulnerability : CVE-2020-25828
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML...
vue-i18n Cross-Site Scripting Vulnerability
vue-i18n is an application from intlify open source. A cross-site scripting vulnerability exists in vue-i18n versions prior to 9.0.0 through 9.14.5, prior to 10.0.8, and prior to 11.1.0, which stems from insufficient HTML context parameter escaping and could lead to a DOM-type cross-site scriptin...
Exploit for CVE-2025-46181
CVE-2025-46181 - Reflected XSS in an Online Appointment Bookin...
CVE-2024-27794
Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login...
CVE-2024-21628
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...
CVE-2024-33859
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2021-41132
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-32702
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...
CVE-2021-44263
Gurock TestRail before 7.2.4 mishandles HTML escaping...
Cross-site Scripting (XSS)
github.com/beego/beego is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper HTML escaping due to user-controlled data not being sanitized in the RenderForm function...
CVE-2025-30223
Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that...
CVE-2024-45699
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...