CVE-2025-27380 HTML Injection Leading to Script Execution in Altium Enterprise Server

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

EUVD-2026-3774

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

EUVD-2026-3775

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

CVE-2021-47851

Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...

CVE-2025-54853

A reflected cross-site scripting xss vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

Saleor code issue vulnerabilities

Saleor Commerce is an open-source interface software developed by Saleor Commerce. Versions of Saleor Commerce from 3.0.0 to 3.20.108, as well as versions before 3.21.43 and 3.22.27, had code vulnerabilities. These vulnerabilities stemmed from allowing authenticated employee users or applications...

CVE-2026-21642

HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...

CVE-2026-21642

HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...

CVE-2025-58092

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-53854

A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

MiracleLinux 9 : tuned-2.24.0-2.el9_5.ML.1 (AXSA:2024-9446:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9446:06 advisory. tuned: scriptpre and scriptpost options allow to pass arbitrary scripts executed by root CVE-2024-52336 tuned: improper sanitization of instancename...

MiracleLinux 9 : libreoffice-7.1.8.1-13.el9_4.ML.1 (AXSA:2024-8628:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8628:06 advisory. libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic CVE-2024-3044 Tenable has extracted the...

MiracleLinux 8 : libreoffice-6.4.7.2-17.el8_10.ML.1 (AXSA:2024-8544:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8544:05 advisory. libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic CVE-2024-3044 Tenable has extracted the...

PT-2026-3547

Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

MAL-2026-326 Malicious code in urlssser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a59189804dc7b527969a4ed7e4d95fac2b98812c309142270b27cdca47729be This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

CVE-2026-23725

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

CVE-2019-25297

Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting XSS vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated attacker can inject arbitrary script into conte...

Cross-site Scripting (XSS)

Vaadin Framework is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to action captions accepting unsanitized HTML content by default, which allows an attacker to inject and execute malicious scripts when user-controlled input is rendered in UI components...