Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30893

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00173EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/09/25 2:53 a.m.4 views

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS5.6AI score0.00173EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/23 3:31 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Publisher portal. An attacker can execute arbitrary JavaScript in the context of another user's browser by uploading a crafted API document containing malicious scripts. This can lead to unauthorized UI...

4.8CVSS5.5AI score0.00173EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/23 3:31 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Publisher portal. An attacker can execute arbitrary JavaScript in the context of another user's browser by uploading a crafted API document containing malicious scripts. This can lead to unauthorized UI...

4.8CVSS5.5AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2025/09/23 3:31 p.m.5 views

GHSA-CMJC-QP7J-XGWR WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability

An authenticated stored Cross-Site Scripting XSS vulnerability exists in WSO2 API Manager components carbon-apimgt due to insufficient validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document whose...

4.8CVSS5.9AI score0.00173EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/09/23 3:31 p.m.9 views

WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability

An authenticated stored Cross-Site Scripting XSS vulnerability exists in WSO2 API Manager components carbon-apimgt due to insufficient validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document whose...

4.8CVSS5.9AI score0.00173EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2025/09/23 3:15 p.m.10 views

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS0.00173EPSS
Exploits0References1
OSV
OSV
added 2025/09/23 3:15 p.m.4 views

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS5.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/23 2:55 p.m.1 views

CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS5.2AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 2:55 p.m.24 views

CVE-2025-4760

CVE-2025-4760 is an authenticated stored XSS vulnerability in multiple WSO2 products, arising from improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript that...

4.8CVSS5.2AI score0.00173EPSS
Exploits0References1Affected Software4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/01/29 2:55 p.m.2 views

Malicious code in samsungads-publisher-portal-authorizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3bdf69166b497f7cd30a51ffff97b600796cbf77f8a34ead71e7ed700f40dfc7 The OpenSSF Package Analysis project identified 'samsungads-publisher-portal-authorizer' @ 99999.999.0 npm as malicious. It is considered...

7.1AI score
Exploits0
OSV
OSV
added 2024/01/29 2:55 p.m.4 views

MAL-2024-924 Malicious code in samsungads-publisher-portal-authorizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3bdf69166b497f7cd30a51ffff97b600796cbf77f8a34ead71e7ed700f40dfc7 The OpenSSF Package Analysis project identified 'samsungads-publisher-portal-authorizer' @ 99999.999.0 npm as malicious. It is considered...

7.3AI score
Exploits0
Rows per page
Query Builder