PT-2025-30053 · Unknown · @Nuxtjs/Mdc

Name of the Vulnerable Software and Affected Versions: @nuxtjs/mdc versions prior to 0.17.2 Description: A remote script-inclusion / stored cross-site scripting issue exists in @nuxtjs/mdc. A Markdown author can inject a element, which rewrites how relative URLs are resolved. This allows an...

CVE-2025-53926

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefo...

CVE-2025-53926 Emlog has Stored Cross-site Scripting vulnerability due to error

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefo...

emlog 安全漏洞

emlog is emlog open source a PHP and MySQL based CMS website builder. A security vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient keyword parameter cleanup, and could lead to a remote attacker injecting arbitrary Web scripts...

PT-2025-29838 · Emlog · Emlog

Name of the Vulnerable Software and Affected Versions: Emlog versions through 2.5.17 Description: Emlog is a website building system. A cross-site scripting XSS issue exists in versions up to and including 2.5.17, allowing remote attackers to inject arbitrary web script or HTML via the comment an...

Malicious code in crpt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d11f666afed6152d1e6e4f510ee725397a411a11ca6338fb5583dd21b400cc Importing the module starts downloading or decrypting, and then executing an executable being a wide recognized malware/Infostealer Redline family --- Category...

CVE-2025-28245

Cross-site scripting XSS vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...

The vulnerability of the General HTML Support function (GHS) and the HTML embed panel in the Block Toolbar of the CKEditor editor allows attackers to execute XSS attacks.

The vulnerability of the General HTML Support function and the HTML embed panel in the Block Toolbar WYSIWYG-editor CKEditor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability may allow a malicious actor to carry out XSS attacks remotely...

MAL-2025-191748 Malicious code in hancsv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb3fdca931bea8323cd7a8c2578f6d0c0594b3ea1b30df1819830168fe90983b Importing the module triggers downloading and executing Powershell script. The script collects information about the host including e.g. startup applications a...

CVE-2025-25905

Cross-Site Scripting XSS vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter...

Malicious code in chimera-sandbox-extensions (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9b87170278a2bed3680592ca4efa2d402a56ee044fcfea4b95831e545431a794 When started, the code attempts to access multiple domains based on the generating algorithm. Once one valid is found, it downloads a script and executes it. T...

MAL-2025-191701 Malicious code in chimera-sandbox-extensions (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9b87170278a2bed3680592ca4efa2d402a56ee044fcfea4b95831e545431a794 When started, the code attempts to access multiple domains based on the generating algorithm. Once one valid is found, it downloads a script and executes it. T...

CVE-2025-23200

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: ajaxform.php - param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page...

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

CVE-2024-31648

Cross Site Scripting XSS in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/newcategory2...

CVE-2024-30883

Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...

CVE-2024-30848

Cross-site scripting XSS vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter...

CVE-2024-30879

Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...

CVE-2024-32564

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 4.0.1...

CVE-2024-53284

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in WiFi Connect Setting functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...