2179 matches found
EUVD-2024-2429
Malicious code in bioql PyPI...
EUVD-2022-38571
Malicious code in bioql PyPI...
EUVD-2022-45436
Malicious code in bioql PyPI...
EUVD-2024-39253
Malicious code in bioql PyPI...
EUVD-2023-52540
Malicious code in bioql PyPI...
EUVD-2023-52641
Malicious code in bioql PyPI...
EUVD-2025-26075
Malicious code in bioql PyPI...
EUVD-2023-26433
Malicious code in bioql PyPI...
EUVD-2023-41417
Malicious code in bioql PyPI...
EUVD-2022-29640
Malicious code in bioql PyPI...
EUVD-2023-52510
Malicious code in bioql PyPI...
EUVD-2021-34629
Malicious code in bioql PyPI...
EUVD-2024-0025
Malicious code in bioql PyPI...
GE Reason S20 Ethernet Switch Improper Neutralization of Input During Web Page Generation (CVE-2020-16246)
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting XSS, which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site...
PT-2025-40256
Name of the Vulnerable Software and Affected Versions Fiora chat application versions 1.0.0 through 1.0.0 Description The Fiora chat application has a file upload issue related to the user avatar upload functionality. The application does not properly validate SVG file content. This allows...
CVE-2025-4760
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-55887
Cross-Site Scripting XSS vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
CVE-2025-55888
Cross-Site Scripting XSS vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...
PT-2025-37939
Name of the Vulnerable Software and Affected Versions: PPC 2K15X Router affected versions not specified Description: The router is susceptible to a reflected Cross-Site Scripting XSS attack due to improper input validation of Common Gateway Interface CGI parameters at its web management portal. A...