11 matches found

Github Security Blog
added 2026/05/05 9:53 p.m. · 3 views

Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display

Impact: In the Prometheus server's legacy web UI, enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels. An attacker who can inject crafted metrics e.g. via a...

CVSS 6.1 · AI score 6 · EPSS 0.00052
Exploits 0 · References 3 · Affected Software 1

OSSF Malicious Packages
added 2026/03/18 12:28 p.m. · 3 views

Malicious code in @legacy-ui/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cc68fa0af265da13a26ccfc943668c887b5aa3f4a73ddc7af9ab2d8498d7a0d The package @legacy-ui/core was found to contain malicious code...

AI score 5.8
Exploits 0

OSV
added 2026/03/18 12:28 p.m. · 2 views

MAL-2026-1628 Malicious code in @legacy-ui/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cc68fa0af265da13a26ccfc943668c887b5aa3f4a73ddc7af9ab2d8498d7a0d The package @legacy-ui/core was found to contain malicious code...

AI score 5.8
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-4849

Malware in sbrugna...

CVSS 4.3 · AI score 7.5 · EPSS 0.00311
Exploits 0 · References 3

NVD
added 2025/08/26 3:15 p.m. · 2 views

CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

CVSS 5.4 · EPSS 0.00043
Exploits 0 · References 1

OSV
added 2025/08/26 3:15 p.m. · 1 view

CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 1

Positive Technologies
added 2025/01/30 12:0 a.m. · 1 view

PT-2025-5647 · Openmrs · Openmrs Platform +5

Name of the Vulnerable Software and Affected Versions: OpenMRS Platform versions prior to 2.6.11; OpenMRS Platform version 2.5 and earlier, except for version 2.5.14 and later; Legacy UI OMOD versions prior to 1.21.0; ID Gen OMOD versions prior to 4.14.0; Address Hierarchy OMOD versions prior to 2.19...

AI score 7.2
Exploits 0 · References 3

CNVD
added 2015/10/22 12:0 a.m. · 2 views

Vulnerability in Oracle Fusion Middleware Identity Manager Component

Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle. The platform provides middleware, software collections, and other functionality. Oracle Identity Manager is one of the enterprise identity management system...

CVSS 4.3 · AI score 6.7 · EPSS 0.00311
Exploits 0 · References 1

NVD
added 2015/10/21 9:59 p.m. · 11 views

CVE-2015-4832

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM Legacy UI...

CVSS 4.3 · AI score 5.7 · EPSS 0.00311
Exploits 0 · References 2

Prion
added 2015/10/21 9:59 p.m. · 10 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM Legacy UI...

CVSS 4.3 · AI score 6.3 · EPSS 0.00311
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2015/10/21 9:0 p.m. · 16 views

CVE-2015-4832

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM Legacy UI...

AI score 5.7 · EPSS 0.00311
Exploits 0 · References 2