221 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-32419

Malicious code in bioql PyPI...

6.8 CVSS · 6.7 AI score · 0.00267 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-58671

Malicious code in bioql PyPI...

6.3 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-58666

Malicious code in bioql PyPI...

6.3 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-58662

Malicious code in bioql PyPI...

6.3 CVSS · 5.8 AI score · 0.00171 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-58670

Malicious code in bioql PyPI...

6.3 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-58672

Malicious code in bioql PyPI...

6.3 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-53565

Malicious code in bioql PyPI...

5.4 CVSS · 6.6 AI score · 0.0012 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/10/03 12:45 a.m. · 7 views

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...

6.1 CVSS · 6.1 AI score · 0.00024 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/10/02 12:0 a.m. · 3 views

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...

5.7 AI score · 0.00024 EPSS
Exploits 0 · References 3
NVD
added 2025/07/31 4:15 p.m. · 4 views

CVE-2025-52203

A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are...

7.6 CVSS · 0.00257 EPSS
Exploits 2 · References 2
CVE
added 2025/07/31 12:0 a.m. · 14 views

CVE-2025-52203

Summary: CVE-2025-52203 affects DevaslanPHP project-management v1.2.4 with a stored XSS in the Ticket Name field. An authenticated attacker can inject JavaScript, which is stored in the database and executes in a user’s browser context when they log in and are redirected to the Dashboard. The iss...

7.6 CVSS · 5.7 AI score · 0.00257 EPSS
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2025/07/07 3:13 p.m. · 6 views

CVE-2025-53487 ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages

The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...

0.00129 EPSS
Exploits 0 · References 2
CVE
added 2025/07/07 3:13 p.m. · 16 views

CVE-2025-53487

The CVE describes a stored XSS in the MediaWiki ApprovedRevs extension. Affected versions are 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The vulnerability arises from inserting system messages into raw HTML without proper escaping, enabling JavaScript payloads via the ...

5.4 CVSS · 5.5 AI score · 0.00129 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/07/07 12:0 a.m. · 3 views

PT-2025-28178 · Unknown +1 · Approvedrevs Extension +1

Name of the Vulnerable Software and Affected Versions: ApprovedRevs extension for MediaWiki versions 1.39.X through 1.39.12 ApprovedRevs extension for MediaWiki versions 1.42.X through 1.42.6 ApprovedRevs extension for MediaWiki versions 1.43.X through 1.43.1 Description: The issue is related to...

5.4 CVSS · 5.4 AI score · 0.00129 EPSS
Exploits 0 · References 4
Hacker One
added 2025/06/06 10:31 p.m. · 8 views

MainWP: Reflected XSS in "Client Notes" Field

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" functionality under the Edit Client section. User input in the notes input field was not properly sanitized or encoded, allowing malicious JavaScript payloads to be reflected back in the application's HTML response...

5.3 AI score
Exploits 0
Hacker One
added 2025/06/04 9:13 a.m. · 11 views

MainWP: Stored Cross-Site Scripting (XSS) in "Add Contact" Name Field – MainWP Plugin

A stored cross-site scripting (XSS) vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" Contact Name field, where user input was not properly sanitized before rendering it back into the DOM. As a result, an attacker could inject malicious...

5.6 AI score
Exploits 0
NVD
added 2025/06/02 5:15 p.m. · 10 views

CVE-2024-3509

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

4.3 CVSS · 0.00081 EPSS
Exploits 0 · References 1
Hacker One
added 2025/05/29 11:40 a.m. · 5 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████████

A Cross-Site Scripting (XSS) vulnerability was identified in an ASP.NET web application. The issue arose from improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed injection of arbitrary JavaScript payloads that executed in the conte...

6.2 AI score
Exploits 0
RedhatCVE
added 2025/05/24 6:13 p.m. · 12 views

CVE-2025-48366

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...

7.9 CVSS · 6 AI score · 0.00229 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:13 a.m. · 4 views

CVE-2024-6229

A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

6.8 CVSS · 5.5 AI score · 0.0016 EPSS
Exploits 1 · References 1