171 matches found
PT-2026-1830
Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk version 18.34 Description A cross-site scripting XSS issue exists due to unsanitized user input reflected in HTTP responses without proper HTML encoding or escaping. The issue is present on the...
cl-cybersec-pysxss
XSS WAF Lab – Payload Generator This project studies how Web...
DEBIAN-CVE-2025-60796
phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...
EUVD-2025-36519
IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...
PT-2025-44164
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire installations are affected by multiple stored cross-site scripting XSS issues. These occur because the cleanhtml function located at /var/ipfire/header.pl does not correctly appl...
Important: gi-docgen
Issue Overview: gi-docgen does not encode search terms before inserting them into HTML, allowing XSS via a crafted URL. Description obtained from: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228 CVE-2025-11687 Affected Packages: gi-docgen Issue Correction: Run dnf update gi-docgen...
EUVD-2006-2421
Malware in sbrugna...
EUVD-2021-14172
Malware in sbrugna...
EUVD-2022-27692
Malicious code in bioql PyPI...
EUVD-2022-47719
Malicious code in bioql PyPI...
EUVD-2022-6060
Malicious code in bioql PyPI...
EUVD-2023-58400
Malicious code in bioql PyPI...
EUVD-2023-57825
Malicious code in bioql PyPI...
CVE-2025-59821
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the insufficient neutralization and encoding of special HTML characters during URL/path handling...
CVE-2025-59821
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...
CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...
PT-2025-39193
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. The application does not...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on --- 🐱💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...