
59 matches found

Positive Technologies
added 2026/04/09 12:0 a.m. · 1 views

PT-2026-31642

Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete, which could lead to the same full read Server-Side Request Forgery when a normal HTML page contains a link tag with an href that redirects to a private IP address ...

CVSS 7.7 · AI score 5.9 · EPSS 0.00038
Exploits: 1 · References: 2
RedhatCVE
added 2026/03/26 3:9 p.m. · 0 views

CVE-2026-27166

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 5.4 · AI score 5.7 · EPSS 0.00056
Exploits: 0 · References: 1
EUVD
added 2026/03/19 8:29 p.m. · 1 views

EUVD-2026-13187

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 4.1 · AI score 5.7 · EPSS 0.00056
Exploits: 0 · References: 2
ATTACKERKB
added 2026/03/19 8:29 p.m. · 3 views

CVE-2026-27166

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 4.1 · AI score 5.7 · EPSS 0.00056
Exploits: 0 · References: 3 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-5679

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.0024
Exploits: 1 · References: 4
CVE
added 2025/08/25 12:0 a.m. · 10 views

CVE-2025-29524

The CVE-2025-29524 entry concerns an incorrect access control flaw in the DASAN GPON ONU H660WM/H660WMR210825, specifically in the /cgi-bin/system_diagnostic_main.asp component. The disclosed issue allows attackers to access sensitive information. Documents across multiple sources confirm the com...

CVSS 6.5 · AI score 7 · EPSS 0.00055
Exploits: 0 · References: 1
Cvelist
added 2025/08/25 12:0 a.m. · 5 views

CVE-2025-29524

Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information...

EPSS 0.00055
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 9:34 a.m. · 5 views

CVE-2015-10028

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is...

CVSS 6.1 · AI score 6.5 · EPSS 0.00341
Exploits: 0 · References: 1
OSV
added 2025/02/13 10:15 p.m. · 1 views

CVE-2025-1283

The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2
Positive Technologies
added 2024/06/26 12:0 a.m. · 1 views

PT-2024-25204 · Lumisxp · Lumisxp

Name of the Vulnerable Software and Affected Versions: Lumisxp versions 15.0.x through 16.1.x
Description: A cross-site scripting (XSS) issue in the main.jsp component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter.
Recommendations...

CVSS 6.1 · AI score 6.2 · EPSS 0.00558
Exploits: 1 · References: 6
Positive Technologies
added 2024/02/16 12:0 a.m. · 1 views

PT-2024-19586 · Darktrace · Darktrace Threat Visualizer

Name of the Vulnerable Software and Affected Versions: Darktrace Threat Visualizer versions 6.1.27 and before
Description: A DOM-based HTML injection vulnerability has been identified in the main page of Darktrace Threat Visualizer. This issue allows a remote attacker to craft a URL that, when...

CVSS 6.1 · AI score 6.9 · EPSS 0.00089
Exploits: 1 · References: 6
Positive Technologies
added 2023/05/22 12:0 a.m. · 3 views

PT-2023-20351 · Teltonika · Teltonika's Remote Management System

Name of the Vulnerable Software and Affected Versions: Teltonika’s Remote Management System versions prior to 4.10.0
Description: The issue is related to a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connect...

CVSS 8.3 · AI score 7.8 · EPSS 0.00418
Exploits: 0 · References: 3
Github Security Blog
added 2023/02/18 12:31 a.m. · 11 views

Stored cross site scripting in changedetection.io

Changedetection.io before 0.40.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection...

CVSS 5.4 · AI score 5.8 · EPSS 0.00751
Exploits: 1 · References: 7 · Affected Software: 1
OSV
added 2023/02/17 10:15 p.m. · 7 views

CVE-2023-24769

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection...

CVSS 5.4 · AI score 5.3 · EPSS 0.00751
Exploits: 1 · References: 3
PyPA
added 2023/02/17 10:15 p.m. · 5 views

PYSEC-2023-10

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection...

CVSS 5.4 · AI score 5.9 · EPSS 0.00751
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2023/01/07 7:15 p.m. · 7 views

CVE-2015-10028

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is...

CVSS 6.1 · AI score 4.6 · EPSS 0.00341
Exploits: 0 · References: 4
Prion
added 2023/01/07 7:15 p.m. · 8 views

Cross site scripting

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is...

CVSS 5.8 · AI score 6.7 · EPSS 0.00341
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2023/01/07 6:35 p.m. · 41 views

CVE-2015-10028

CVE-2015-10028 concerns the ss15-this-is-sparta project, specifically the Main Page component’s file js/roomElement.js. The available documents describe a cross-site scripting (XSS) vulnerability arising from manipulation of that file, with exploitation described as remote. The patch identified ...

CVSS 6.1 · AI score 4.6 · EPSS 0.00341
Exploits: 0 · References: 4 · Affected Software: 1
Vulnrichment
added 2023/01/07 6:35 p.m. · 6 views

CVE-2015-10028 ss15-this-is-sparta Main Page roomElement.js cross site scripting

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is...

CVSS 4 · AI score 6.5 · EPSS 0.00341
Exploits: 0 · References: 4
Cvelist
added 2023/01/07 6:35 p.m. · 14 views

CVE-2015-10028 ss15-this-is-sparta Main Page roomElement.js cross site scripting

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is...

CVSS 4 · AI score 6.2 · EPSS 0.00341
Exploits: 0 · References: 4