9 matches found

OSSF Malicious Packages
added yesterday, 9 views

Malicious code in pkg-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f4ccaa9f059318782cd3b811f5bd6ea926e267e4b05dc4971d6acc6687d5d4f setup.py performs an unconditional urllib.request.urlopen at install time to a hardcoded plaintext bare-IP endpoint...

6.2 AI score
Exploits: 0, References: 2
NVD
added 2026/01/21 6:16 p.m., 9 views

CVE-2021-47873

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

7.2 CVSS, 0.00193 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/01/21 5:27 p.m., 2 views

CVE-2021-47873

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

7.2 CVSS, 5 AI score, 0.00193 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/01/21 5:27 p.m., 16 views

CVE-2021-47873 VestaCP < 0.9.8-25 - Stored Cross-Site Scripting

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

7.2 CVSS, 0.00193 EPSS
Exploits: 0, References: 4
EUVD
added 2026/01/21 5:27 p.m., 5 views

EUVD-2026-3630

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

7.2 CVSS, 5 AI score, 0.00193 EPSS
Exploits: 0, References: 5
CVE
added 2026/01/21 5:27 p.m., 14 views

CVE-2021-47873

VestaCP is affected in versions prior to 0.9.8-25 by a stored XSS in the IP interface configuration. The vulnerability hinges on the v_interface parameter and can be exploited by sending a crafted POST to the add/ip/ endpoint to inject scripts. This is a cross-site scripting issue with potential ...

7.2 CVSS, 5 AI score, 0.00193 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/09/02 12:0 a.m., 3 views

PT-2025-35583

Name of the Vulnerable Software and Affected Versions: Asian Arts Talents Foundation AATF Website versions 5.1.x Asian Arts Talents Foundation AATF Docker version 2024.12.8.1 Description: The Asian Arts Talents Foundation AATF Website and Docker image are susceptible to a Cross Site Scripting XSS...

6.1 CVSS, 6.1 AI score, 0.00298 EPSS
Exploits: 0, References: 6
OSV
added 2024/07/26 4:15 p.m., 11 views

CVE-2024-41355

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via /app/tools/request-ip/index.php...

6.5 CVSS, 6 AI score, 0.00363 EPSS
Exploits: 1, References: 2
OSV
added 2022/05/24 5:24 p.m., 13 views

GHSA-QVW9-6567-WQ78 MunkiReport reportdata module SQL injection vulnerability

A SQL injection vulnerability in reportdatacontroller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint...

8.8 CVSS, 9.2 AI score, 0.01262 EPSS
Exploits: 0, References: 6