185 matches found

OSV
added 2025/10/17 5:40 p.m. · 2 views

JLSEC-2025-84 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

CVSS 7.5 · AI score 7.2 · EPSS 0.02298
Exploits 1 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-0465

Malware in sbrugna...

CVSS 6.1 · AI score 6.2 · EPSS 0.01257
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-0034

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.01106
Exploits 1 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-23277

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.01305
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-16915

Malware in sbrugna...

CVSS 6.1 · AI score 6.7 · EPSS 0.00761
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-25168

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.1 · EPSS 0.00552
Exploits 2 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-43086

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 5.8 · EPSS 0.00767
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-27395

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.00309
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-5981

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.8 · EPSS 0.01351
Exploits 0 · References 3

GitHub Security Blog
added 2025/09/23 3:9 p.m. · 6 views

DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

Summary: The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS).
Description: The application sanitizes most user-submitted...

CVSS 9 · AI score 7.2 · EPSS 0.0051
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-39510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability...

CVSS 6.1 · AI score 6.8 · EPSS 0.00713
Exploits 1 · References 2

Vulnrichment
added 2025/06/13 5:51 p.m. · 10 views

CVE-2025-49587 XWiki does not require right warnings for notification displayer objects

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

CVSS 6.4 · AI score 5.8 · EPSS 0.00352
Exploits 1 · References 3

OSV
added 2025/06/13 5:51 p.m. · 6 views

CVE-2025-49587 XWiki does not require right warnings for notification displayer objects

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

CVSS 6.4 · AI score 6.1 · EPSS 0.00352
Exploits 1 · References 5

RedhatCVE
added 2025/05/22 5:17 p.m. · 2 views

CVE-2020-0872

A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'...

CVSS 9.6 · AI score 8.4 · EPSS 0.09851
Exploits 0 · References 1

Vulnrichment
added 2025/05/02 9:46 p.m. · 6 views

CVE-2025-21572

OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output...

CVSS 6.1 · AI score 6 · EPSS 0.00202
Exploits 0 · References 1

Cvelist
added 2025/05/02 9:46 p.m. · 20 views

CVE-2025-21572

OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output...

CVSS 6.1 · EPSS 0.00202
Exploits 0 · References 1

CVE
added 2025/05/02 9:46 p.m. · 66 views

CVE-2025-21572

CVE-2025-21572 affects OpenGrok 1.13.25. The vulnerability is a reflected Cross-Site Scripting (XSS) in the history view page caused by improper handling of path segments, resulting in unsanitized user input being reflected in HTML output. Reported impact per CVSS: MEDIUM (6.1), with network atta...

CVSS 6.1 · AI score 5.8 · EPSS 0.00202
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/05/02 12:0 a.m. · 4 views

PT-2025-18925 · Opengrok · Opengrok

Name of the Vulnerable Software and Affected Versions: OpenGrok version 1.13.25
Description: The issue is a reflected Cross-Site Scripting (XSS) problem that occurs when the application generates the history view page. This happens due to improper handling of path segments, causing the application ...

CVSS 6.1 · AI score 5.2 · EPSS 0.00202
Exploits 0 · References 8

SUSE CVE
added 2025/04/28 2:36 p.m. · 3 views

SUSE CVE-2025-43865

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This makes it possible to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been...

CVSS 8.2 · AI score 7.3 · EPSS 0.00737
Exploits 0 · References 3

Snyk
added 2025/04/10 6:49 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: wikimedia/parsoid is a bidirectional parser between wikitext and HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling of Unicode normalization in the Action API. An attacker can manipulate script processing by injecting malicious...

CVSS 6.1 · AI score 5.3 · EPSS 0.00315
Exploits 0 · References 3