CVE-2025-62779
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...
EUVD-2025-36382
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...
CVE-2025-62779
Frappe Learning
PT-2025-44054
Name of the Vulnerable Software and Affected Versions: Frappe Learning versions prior to 2.39.1. Description: Frappe Learning is a learning system designed to help users structure content. In versions prior to 2.39.1, users could add HTML through input fields within the Job Form. This allows for the...
EUVD-2003-1095
Malware in sbrugna...
EUVD-2021-2208
Malware in sbrugna...
EUVD-2021-11498
Malware in sbrugna...
EUVD-2020-5981
Malware in sbrugna...
EUVD-2018-0784
Malware in sbrugna...
EUVD-2022-2406
Malicious code in bioql PyPI...
EUVD-2024-0683
Malicious code in bioql PyPI...
EUVD-2022-3305
Malicious code in bioql PyPI...
EUVD-2025-13411
Malicious code in bioql PyPI...
EUVD-2024-42685
Malicious code in bioql PyPI...
EUVD-2021-29341
Malicious code in bioql PyPI...
Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107
This module integrates Plausible Analytics on a site. The module did not properly filter output in certain cases. This vulnerability is mitigated by the fact that an attacker must have permission to add raw HTML to the website, such as an unfiltered WYSIWYG field on a public-facing comment...
Stored Cross-site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to the Citizen skin inserting short descriptions from the ShortDescription extension as raw HTML, which allows an attacker to inject arbitrary HTML into the DOM by editing a page...
CVE-2024-5668
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2021-24586
The Per page add to head WordPress plugin before 1.4.4 lacks any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of its settings, this...
GHSA-FXPC-QMRH-7J2H tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...