
175 matches found

Positive Technologies
added 2026/02/02 12:0 a.m. | 7 views

PT-2026-5714

Name of the Vulnerable Software and Affected Versions: FacturaScripts versions 2025.71 and earlier
Description: FacturaScripts software contains a Stored Cross-Site Scripting (XSS) flaw within the Observations field in the History view. The application fails to properly encode HTML entities when...

8 CVSS | 5.8 AI score | 0.00385 EPSS
Exploits: 1 | References: 8

GithubExploit
added 2026/01/27 4:29 p.m. | 146 views

Lab-Reflected-XSS-into-attribute-with-angle-brackets-HTML-encoded

Reflected XSS - Attribute Injection A simple demonstration of...

6 AI score
Exploits: 0

RedhatCVE
added 2026/01/09 10:58 a.m. | 1 views

CVE-2025-61549

Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...

6.1 CVSS | 5.9 AI score | 0.00209 EPSS
Exploits: 2 | References: 1

Cvelist
added 2026/01/08 12:0 a.m. | 22 views

CVE-2025-61549

Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...

0.00209 EPSS
Exploits: 2 | References: 1

Positive Technologies
added 2026/01/08 12:0 a.m. | 2 views

PT-2026-1830

Name of the Vulnerable Software and Affected Versions: edu Business Solutions Print Shop Pro WebDesk version 18.34
Description: A cross-site scripting (XSS) issue exists due to unsanitized user input reflected in HTTP responses without proper HTML encoding or escaping. The issue is present on the...

6.1 CVSS | 6.1 AI score | 0.00209 EPSS
Exploits: 2 | References: 3

GithubExploit
added 2025/12/26 2:6 p.m. | 137 views

cl-cybersec-pysxss

XSS WAF Lab – Payload Generator This project studies how Web...

6.3 AI score
Exploits: 0

OSV
added 2025/11/20 3:17 p.m. | 5 views

DEBIAN-CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

6.1 CVSS | 5.6 AI score | 0.00191 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/28 3:30 p.m. | 3 views

EUVD-2025-36519

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

5.1 CVSS | 5.5 AI score | 0.00403 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/28 12:0 a.m. | 3 views

PT-2025-44164

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198
Description: IPFire installations are affected by multiple stored cross-site scripting (XSS) issues. These occur because the cleanhtml function located at /var/ipfire/header.pl does not correctly appl...

5.4 CVSS | 5.7 AI score | 0.00403 EPSS
Exploits: 0 | References: 5

Amazon
added 2025/10/27 12:0 a.m. | 4 views

Important: gi-docgen

Issue Overview: gi-docgen does not encode search terms before inserting them into HTML, allowing XSS via a crafted URL.
Description obtained from: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228
CVE-2025-11687
Affected Packages: gi-docgen
Issue Correction: Run dnf update gi-docgen...

6.1 CVSS | 6.1 AI score | 0.00337 EPSS
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-14172

Malware in sbrugna...

6.1 CVSS | 6.1 AI score | 0.00585 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2006-2421

Malware in sbrugna...

4.3 CVSS | 6.2 AI score | 0.01537 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-47719

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00423 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-6060

Malicious code in bioql PyPI...

5.4 CVSS | 5.5 AI score | 0.00713 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-58400

Malicious code in bioql PyPI...

5.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-57825

Malicious code in bioql PyPI...

5.7 CVSS | 5.7 AI score | 0.00494 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-27692

Malicious code in bioql PyPI...

5.4 CVSS | 5.6 AI score | 0.00482 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/25 2:54 a.m. | 2 views

CVE-2025-59821

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...

6.5 CVSS | 6.5 AI score | 0.00192 EPSS
Exploits: 0 | References: 1

Snyk
added 2025/09/23 6:43 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the insufficient neutralization and encoding of special HTML characters during URL/path handling...

6.9 CVSS | 5.5 AI score | 0.00192 EPSS
Exploits: 0 | References: 2

NVD
added 2025/09/23 6:15 p.m. | 4 views

CVE-2025-59821

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...

6.5 CVSS | 0.00192 EPSS
Exploits: 0 | References: 1