468 matches found
EUVD-2025-1831
Malicious code in bioql PyPI...
EUVD-2025-9940
Malicious code in bioql PyPI...
EUVD-2025-12362
Malicious code in bioql PyPI...
EUVD-2024-1803
Malicious code in bioql PyPI...
EUVD-2024-46725
Malicious code in bioql PyPI...
EUVD-2023-2064
Malicious code in bioql PyPI...
EUVD-2023-1574
Malicious code in bioql PyPI...
EUVD-2025-12368
Malicious code in bioql PyPI...
CVE-2025-0708
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be...
CVE-2024-5521
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...
CVE-2024-5520
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field...
CVE-2023-31544
A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2021-3312
An XML external entity XXE vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...
CVE-2021-25968
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field...
CVE-2013-4600
Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to system/workplace/views/admin/admin-main.jsp or the 2 requestedResource parameter to system/login/index.html...
CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
CVE-2019-13236
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface...