12 matches found
EUVD-2025-30893
Malicious code in bioql PyPI...
CVE-2025-4760
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Publisher portal. An attacker can execute arbitrary JavaScript in the context of another user's browser by uploading a crafted API document containing malicious scripts. This can lead to unauthorized UI...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Publisher portal. An attacker can execute arbitrary JavaScript in the context of another user's browser by uploading a crafted API document containing malicious scripts. This can lead to unauthorized UI...
GHSA-CMJC-QP7J-XGWR WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability
An authenticated stored Cross-Site Scripting XSS vulnerability exists in WSO2 API Manager components carbon-apimgt due to insufficient validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document whose...
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability
An authenticated stored Cross-Site Scripting XSS vulnerability exists in WSO2 API Manager components carbon-apimgt due to insufficient validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document whose...
CVE-2025-4760
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-4760
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-4760
CVE-2025-4760 is an authenticated stored XSS vulnerability in multiple WSO2 products, arising from improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript that...
Malicious code in samsungads-publisher-portal-authorizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3bdf69166b497f7cd30a51ffff97b600796cbf77f8a34ead71e7ed700f40dfc7 The OpenSSF Package Analysis project identified 'samsungads-publisher-portal-authorizer' @ 99999.999.0 npm as malicious. It is considered...
MAL-2024-924 Malicious code in samsungads-publisher-portal-authorizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3bdf69166b497f7cd30a51ffff97b600796cbf77f8a34ead71e7ed700f40dfc7 The OpenSSF Package Analysis project identified 'samsungads-publisher-portal-authorizer' @ 99999.999.0 npm as malicious. It is considered...