456 matches found
YOURLS is vulnerable to XSS through JSONP and Callback request parameters
Summary: The callback and jsonp request parameters are concatenated directly into the response without any sanitization, allowing attackers to inject arbitrary JS code. When YOURLS_PRIVATE is set to false (public API mode), this vulnerability can be exploited by any unauthenticated attacker. In...
CVE-2025-15144
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2025-15144
Summary: CVE-2025-15144 affects dayrui XunRuiCMS (up to 4.7.1) in the JSONP Callback Handler. The vulnerability stems from manipulation of the callback argument in the function dr_show_error/dr_exit_msg within /dayrui/Fcms/Init.php, enabling cross-site scripting. Exploitation can be performed rem...
EUVD-2025-180374
Malicious code in aquarius-jsonp-technocracy-bulma npm...
Malicious code in xenon-proxima-whitedwarf-jsonp (npm)
Source: amazon-inspector 0b8a57d1e9a393d211b58a86fd5f7c5e3a2c390cfb91db8a41ee8f156a303465 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177355
Malicious code in paleomagnetism-neptune-jsonp-postgres npm...
EUVD-2025-176152
Malicious code in subscription-jsonp-metabolomics-hawkingradiation npm...
EUVD-2025-178148
Malicious code in leda-jsonp-dependencies-eslint-config npm...
MAL-2025-188570 Malicious code in parsec-oauth-jsonp-eslint-config (npm)
Source: amazon-inspector e65d8b51f1ca029d90bb2f910e5f3d92bdc1573cc4f996ae4858417ff3dfd2b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in whitedwarf-selenology-jsonp-version (npm)
Source: amazon-inspector b83a2580056cf6aa51868e0aaae0415ef996d229c5d8b9ab779a3fefa1ebfc67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176745
Malicious code in registry-readable-nucleosynthesis-jsonp npm...
EUVD-2025-175978
Malicious code in testcafe-markdownlint-antares-jsonp npm...
MAL-2025-185468 Malicious code in antares-jsonp-charon-europa (npm)
Source: amazon-inspector 4a4d80577e0db7da7c6c0f0734eee7b372d1ea0a1894b44188cf2593f584973c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186798 Malicious code in equinox-mira-jsonp-octans (npm)
Source: amazon-inspector 016d8d9305015c7fb0c76e6d70184deef29bca59073f821f8d6b36b6939254c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176937
Malicious code in public-gacrux-jsonp-sirius npm...
EUVD-2025-177312
Malicious code in parsec-oauth-jsonp-eslint-config npm...
EUVD-2025-178888
Malicious code in flare-backend-jsonp-orogeny npm...
EUVD-2025-180420
Malicious code in antares-jsonp-charon-europa npm...
EUVD-2025-179084
Malicious code in equinox-mira-jsonp-octans npm...