365 matches found
EUVD-2024-0652
Malicious code in bioql PyPI...
EUVD-2025-7040
Malicious code in bioql PyPI...
EUVD-2024-32419
Malicious code in bioql PyPI...
EUVD-2023-24367
Malicious code in bioql PyPI...
EUVD-2023-26452
Malicious code in bioql PyPI...
Stored Cross-site Scripting (XSS)
formcms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of uploaded avatar files, which allows an attacker to upload malicious .html files containing JavaScript that execute in a privileged user’s browser when accessed via a public URL...
CVE-2025-56710
A Cross-Site Request Forgery CSRF vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, ...
CVE-2025-59053
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
CVE-2025-50733
NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...
Cross-site Scripting (XSS)
Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker can execute...
CVE-2025-51488
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin...
PT-2025-31558 · Cs Cart · Cs-Cart
Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: A file upload vulnerability exists that allows attackers to execute arbitrary code. The software allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a flaw in the V8 engine's handling of malicious HTML pages. An attacker can exploit the vulnerability to trigger heap corruption via specially crafted HTML...
Cross-site Scripting (XSS)
Overview org.xwiki.rendering:xwiki-rendering-syntax-xhtml is a library for the XWiki Rendering Engine Affected versions of this package are vulnerable to Cross-site Scripting XSS via dependency on xdom+xml/current syntax. An attacker can execute arbitrary JavaScript code in the context of the...
Malicious code in 182-23run (npm)
The package is malicious due to HTML injection in index.js redirecting to adult/malicious sites and a YARA match on a suspicious URL...
CVE-2023-38007 IBM Cloud Pak System HTML injection
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browse...
SAP SAPUI5 跨站脚本漏洞
SAP SAPUI5 is a JavaScript application framework from SAP, a German company. A cross-site scripting vulnerability exists in SAP SAPUI5 that originates from allowing the injection of malicious HTML code that could result in a redirection to an attacker-controlled URL...
CVE-2024-22213
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
CVE-2023-20205
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device...