457 matches found
EUVD-2022-0630
Malicious code in bioql PyPI...
EUVD-2022-1520
Malicious code in bioql PyPI...
EUVD-2024-54346
Malicious code in bioql PyPI...
EUVD-2022-3053
Malicious code in bioql PyPI...
EUVD-2023-1810
Malicious code in bioql PyPI...
EUVD-2025-9490
Malicious code in bioql PyPI...
EUVD-2022-2530
Malicious code in bioql PyPI...
EUVD-2023-34182
Malicious code in bioql PyPI...
EUVD-2024-2469
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the related asset selector. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into the First Name, Middle Name, or Last Name text fields. Details: Cross-sit...
Linux Distros Unpatched Vulnerability : CVE-2024-45699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection o...
Linux Distros Unpatched Vulnerability : CVE-2020-25828
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML...
vue-i18n Cross-Site Scripting Vulnerability
vue-i18n is an application from intlify open source. A cross-site scripting vulnerability exists in vue-i18n versions prior to 9.0.0 through 9.14.5, prior to 10.0.8, and prior to 11.1.0, which stems from insufficient HTML context parameter escaping and could lead to a DOM-type cross-site scriptin...
Exploit for CVE-2025-46181
CVE-2025-46181 - Reflected XSS in an Online Appointment Bookin...
CVE-2024-27794
Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login...
CVE-2024-21628
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...
CVE-2024-33859
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2021-41132
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...