37 matches found
GTranslate < 2.8.65 - Cross-Site Scripting
In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URL-encode requests, this plugin is still vulnerable ...
CVE-2021-22872
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode...
CVE-2024-13993 Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers
Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...
CVE-2024-13993
Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) attack on the login page when accessed with older browsers. The root cause is insufficient validation/escaping of user-supplied input reflected by the login page, enabling a crafted link to execute arb...
PT-2025-44496
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.1.2 Description: The software is susceptible to a reflected cross-site scripting (XSS) issue via the login page when accessed using older web browsers. Insufficient validation or escaping of user-supplied input...
EUVD-2021-10007
Malware in sbrugna...
EUVD-2019-8655
Malware in sbrugna...
EUVD-2020-6470
Malware in sbrugna...
EUVD-2022-25037
Malicious code in bioql PyPI...
EUVD-2022-6089
Malicious code in bioql PyPI...
Improper Restriction of Rendered UI Layers or Frames
Overview: Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the iframe element. An attacker can execute unauthorized scripts in the context of a user's browser by embedding the application within a malicious frame. Note: This is only...
CVE-2025-41000
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
CVE-2025-41000 Cross-Frame Scripting (XFS) in BoomCMS
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
CVE-2025-41000
Summary: CVE-2025-41000 describes a Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. The vulnerability stems from an XFS-style web attack that can expose user information via JavaScript when the application is embedded in a malicious frame; exploitation is linked to so...
PT-2025-35710
Name of the Vulnerable Software and Affected Versions: BoomCMS version 9.1.4 Description: This issue is a Cross-Frame Scripting (XFS) vulnerability. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript and relies on social engineering. It is perceived as ...
CVE-2025-8046
The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-30120
XSS in /dashboard/blocks/stacks/viewdetails/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitization where built URLs are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot...
CVE-2015-9319
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser...