354 matches found
EUVD-2024-22398
Malicious code in bioql PyPI...
EUVD-2022-25000
Malicious code in bioql PyPI...
EUVD-2024-29306
Malicious code in bioql PyPI...
EUVD-2022-39039
Malicious code in bioql PyPI...
EUVD-2022-7773
Malicious code in bioql PyPI...
CVE-2025-9823
SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...
CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add
SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...
PT-2025-35773
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because...
DeepSeek R1 安全漏洞
DeepSeek R1 is a large language modeling and AI technology platform from China-based DeepSeek. A security vulnerability exists in DeepSeek R1 V3.1 and earlier versions, which stems from the unspecified input field is vulnerable to cross-site scripting attacks and could lead to the execution of...
CVE-2025-54589 copyparty Reflected XSS via Filter Parameter
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a block without proper escaping...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17300)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter Nome/Sobrenome in the file /html/funcionario/cadastrofuncionario.php, for which no detailed...
CVE-2025-48993
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...
CVE-2024-37156
The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...
CVE-2024-31065
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field...
CVE-2024-31062
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field...
CVE-2024-48396
AIML Chatbot 1.0 fixed in 2.0 is vulnerable to Cross Site Scripting XSS. The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts...
CVE-2022-28508
An XSS issue was discovered in browsersearchplugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field...
CVE-2021-20717
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CVE-2018-20370
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...