7 matches found
Cross-site Scripting (XSS)
Bagisto is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient validation of uploaded files in the TinyMCE image upload functionality, which allows an attacker with sufficient privileges to upload a crafted HTML file containing JavaScript that executes in a user’s...
EUVD-2025-25054
Malicious code in bioql PyPI...
CVE-2025-52620
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format...
CVE-2025-52620
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format...
Library System add-book.php file code issue vulnerability
Library System is a library system. Library System has a code issue vulnerability that stems from the lack of effective validation of files uploaded through the image parameter in the file /add-book.php. An attacker can exploit this vulnerability to upload malicious files...
WordPress plugin Quotes and Tips by BestWebSoft Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability previously existed in the...
VulnCheck KEV: CVE-2023-4596
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to...