19 matches found

RedhatCVE
added 2026/01/09 10:11 a.m. · 7 views

CVE-2019-11074

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges although not controlling the contents of such files due to insufficient sanitisation when passing arguments to th...

CVSS 9 · AI score 6.7 · EPSS 0.0372
Exploits: 1 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-0295

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.8 · EPSS 0.00061
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/22 12:0 a.m. · 1 views

PT-2025-30441 · Unknown +1 · Aimhubio Aim +1

Name of the Vulnerable Software and Affected Versions: aimhubio Aim versions 3.28.0
Description: A cross-site scripting (XSS) issue exists in aimhubio Aim 3.28.0. Remote attackers can execute arbitrary JavaScript in a victim’s browser by submitting malicious Python code to the /api/reports endpoint...

CVSS 8.8 · AI score 6 · EPSS 0.01878
Exploits: 1 · References: 9
Snyk
added 2025/07/03 4:50 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.bower:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the data-caption attribute due to insufficient input sanitisation and output escaping...

CVSS 6.4 · AI score 5.7 · EPSS 0.00389
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/23 2:53 a.m. · 2 views

CVE-2023-1019

The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...

CVSS 5.4 · AI score 7.6 · EPSS 0.00181
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/22 6:25 p.m. · 4 views

CVE-2021-24854

The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.9 · EPSS 0.0018
Exploits: 2 · References: 1
OSV
added 2024/05/23 6:15 a.m. · 2 views

CVE-2024-3920

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 3.5 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2024/04/15 5:15 a.m. · 2 views

CVE-2024-1660

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 7.3 · EPSS 0.00261
Exploits: 2 · References: 1
OSV
added 2024/03/08 2:15 p.m. · 1 views

CVE-2024-2319

Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1
Huntr
added 2023/08/14 10:55 a.m. · 19 views

Stored XSS in the Cases functionality

Description: When creating or editing a case, the web application fails to perform sufficient sanitisation on the description POST parameter, allowing users to inject HTML with malicious JavaScript events. The application does attempt to remove unauthorised elements and events; however, the testin...

CVSS 4.9 · AI score 6.6 · EPSS 0.00126
Exploits: 1
Positive Technologies
added 2022/12/26 12:0 a.m. · 2 views

PT-2022-26506 · WordPress · Plugin Logic Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Plugin Logic WordPress plugin versions prior to 1.0.8
Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by hi...

CVSS 7.2 · AI score 7 · EPSS 0.00729
Exploits: 2 · References: 6
Prion
added 2020/03/17 3:15 p.m. · 14 views

Design/Logic Flaw

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges although not controlling the contents of such files due to insufficient sanitisation when passing arguments to th...

CVSS 9 · AI score 6.7 · EPSS 0.0372
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2020/03/17 2:6 p.m. · 14 views

CVE-2019-11074

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges although not controlling the contents of such files due to insufficient sanitisation when passing arguments to th...

AI score 6.7 · EPSS 0.0372
Exploits: 1 · References: 3
OpenVAS
added 2018/06/07 12:0 a.m. · 47 views

Debian: Security Advisory (DSA-4222-1)

The remote host is missing an update for the Debian...

CVSS 7.5 · AI score 8.2 · EPSS 0.01725
Exploits: 0 · References: 5
NVD
added 2017/06/23 8:29 p.m. · 27 views

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable...

CVSS 10 · AI score 8.7 · EPSS 0.00996
Exploits: 0 · References: 4
OSV
added 2017/06/23 8:29 p.m. · 13 views

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable...

CVSS 9.8 · AI score 6.8
Exploits: 0 · References: 4
Debian CVE
added 2017/06/23 8:0 p.m. · 15 views

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable...

CVSS 10 · AI score 8.8 · EPSS 0.00996
Exploits: 0
htbridge
added 2013/10/02 12:0 a.m. · 58 views

Cross-Site Scripting (XSS) in GuppY

High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in GuppY, which can be exploited to perform Cross-Site Scripting attacks against users of the vulnerable application.
1) Cross-Site Scripting (XSS) in GuppY: CVE-2013-5983
1.1 The vulnerability exists due to insufficient...

CVSS 4.3 · AI score 5.6 · EPSS 0.00407
Exploits: 1 · Affected Software: 1
0day.today
added 2013/09/13 12:0 a.m. · 250 views

WikkaWiki 1.3.4 Cross Site Scripting Vulnerability

WikkaWiki version 1.3.4 suffers from a cross site scripting vulnerability.
Vendor: Wikka Development Team
Vulnerable Versions: 1.3.4 and probably prior
Tested Version: 1.3.4
Vendor Notification: August 21, 2013
Vendor Patch: August 31, 2013
Public Disclosure: September 11, 2013
Vulnerability Type...

CVSS 4.3 · AI score 6.2 · EPSS 0.00984
Exploits: 3