162 matches found
CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...
OpenHarness Security Vulnerability
OpenHarness is a lightweight, open-source development and runtime framework from Data Intelligence Lab@HKU. There is a security vulnerability in OpenHarness, which stems from a session key derivation issue. This vulnerability could allow authenticated participants to hijack other users’...
PT-2026-33856
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
CVE-2025-64998
Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...
EUVD-2025-208958
Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...
EUVD-2021-34762
Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack us...
CVE-2020-37003
Affected product/variant: Sellacious eCommerce 4.6. Vulnerability type: persistent cross-site scripting (XSS) in the Manage Your Addresses module. What is vulnerable: input handling for address fields (full name, company, address, etc.) that allow injection of persistent script code. Impact (as d...
100-days-challenge-day-30-XSS-attacks
100-days-challenge-day-30-XSS-attacks XSS attacks demonstrate...
EUVD-2012-2650
Malware in sbrugna...
EUVD-2008-6532
Malware in sbrugna...
EUVD-2013-5801
Malware in sbrugna...
CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS)
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
CVE-2009-2165
SerendipityNZ aka SimpleBoxes Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id...
PT-2025-6785 · Unknown · Bestinformed Web
Name of the Vulnerable Software and Affected Versions: BestInformed Web (affected versions not specified). Description: The issue arises from improper sanitization of user input in the BestInformed Web application, leading to multiple authenticated stored cross-site scripting vulnerabilities. An...
Cisco Common Services Platform Collector Security Vulnerability
Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
Cisco Unified Communications Manager is a call processing component of a Unified Communications system. A cross-site scripting vulnerability exists in the Cisco Unified Communications Manager WEB interface, which can be exploited by remote attackers to inject malicious script or HTML code that ca...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a continuous integration (CI/CD) tool that is primarily used to automate the software build, test, and deployment process. JetBrains TeamCity suffers from a cross-site scripting vulnerability that stems from an issue in the backup configuration settings. An attacker could use...
SAP Commerce Cross-Site Scripting Vulnerability
SAP Commerce Backoffice is a powerful tool for managing and maintaining e-commerce websites, allowing administrators and operations teams to easily manage website content and configuration. SAP Commerce Backoffice suffers from a cross-site scripting vulnerability that can be exploited by remote...
SAP Companion Cross-Site Scripting Vulnerability
SAP Companion is a collaboration server for SAP from SAP Germany. SAP Companion suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive information or hijack user sessions when malicio...