
6663 matches found

CNNVD
added 2025/12/29 12:0 a.m., 2 views

MachSol MachPanel Security Vulnerability

MachSol MachPanel is a cloud automation control panel and billing platform from US-based MachSol. A security vulnerability exists in MachSol MachPanel version 8.0.32, which stems from mishandling of specially crafted PDF files and could lead to the execution of arbitrary web script or HTML...

6.1 CVSS, 6 AI score, 0.0002 EPSS
Exploits: 0, References: 3

OSSF Malicious Packages
added 2025/12/26 8:3 p.m., 5 views

Malicious code in telegrem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f2186dc29d07dc851d756bae0b5d080ebe5923efe6654fdb4aa9ec55bbba9b6a The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1 AI score
Exploits: 0, References: 2

OSV
added 2025/12/26 8:3 p.m., 3 views

MAL-2025-192943 Malicious code in telegrem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f2186dc29d07dc851d756bae0b5d080ebe5923efe6654fdb4aa9ec55bbba9b6a The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7 AI score
Exploits: 0, References: 2

CNVD
added 2025/12/25 12:0 a.m., 2 views

RiteCMS Cross-Site Scripting Vulnerability

RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...

6.1 CVSS, 6 AI score, 0.00062 EPSS
Exploits: 1, References: 1

CNVD
added 2025/12/25 12:0 a.m., 2 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05127)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...

5.4 CVSS, 6 AI score, 0.00027 EPSS
Exploits: 0, References: 1

CNVD
added 2025/12/25 12:0 a.m., 1 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4 CVSS, 6 AI score, 0.00016 EPSS
Exploits: 0, References: 1

CNVD
added 2025/12/25 12:0 a.m., 2 views

Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...

6.1 CVSS, 6 AI score, 0.0003 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/23 10:15 p.m., 0 views

CVE-2025-14412

Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8 CVSS, 6.3 AI score, 0.00048 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/12/23 9:22 p.m., 2 views

CVE-2025-14418 pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability

pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must...

7 CVSS, 7.3 AI score, 0.00048 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/12/23 12:25 a.m., 3 views

CVE-2025-65270

Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser...

6.1 CVSS, 6.2 AI score, 0.00058 EPSS
Exploits: 1, References: 1

OSV
added 2025/12/22 10:16 p.m., 3 views

CVE-2023-53976

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title...

5.4 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/12/22 12:0 a.m., 2 views

Piranha CMS Security Vulnerability

Piranha CMS is an open source, friendly, editor-centric CMS. A security vulnerability exists in Piranha CMS that stems from the injection of a specially crafted payload into the Excerpt field that could lead to the execution of arbitrary web script or HTML...

6.1 CVSS, 6.7 AI score, 0.00033 EPSS
Exploits: 1, References: 3

CNNVD
added 2025/12/22 12:0 a.m., 1 views

Piranha CMS Security Vulnerability

Piranha CMS is an open source, friendly, editor-centered CMS. A security vulnerability exists in Piranha CMS that stems from the injection of a specially crafted payload into the Name field that could lead to the execution of arbitrary web script or HTML...

6.1 CVSS, 6.7 AI score, 0.00033 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2025/12/22 12:0 a.m., 4 views

CVE-2025-65790

A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...

5.5 AI score, 0.00041 EPSS
Exploits: 3, References: 2

CNVD
added 2025/12/22 12:0 a.m., 1 views

WordPress GPXpress plugin cross-site scripting vulnerability

WordPress GPXpress plugin is a plugin for WordPress that is mainly used to embed aesthetically pleasing maps to display GPX paths. A cross-site scripting vulnerability exists in the WordPress GPXpress plugin, which stems from the lack of effective filtering and escaping of user-supplied data in t...

6.4 CVSS, 6.1 AI score, 0.00031 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/12/20 8:14 a.m., 4 views

CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

6.3 CVSS, 5.7 AI score, 0.00018 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/19 8:15 a.m., 3 views

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

6.3 CVSS, 0.00026 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/19 8:15 a.m., 0 views

CVE-2025-66502

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

5.4 CVSS, 5.6 AI score
Exploits: 0, References: 1

RedhatCVE
added 2025/12/18 11:36 p.m., 1 views

CVE-2023-53925

UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...

6.1 CVSS, 6.5 AI score, 0.00029 EPSS
Exploits: 1, References: 1

Snyk
added 2025/12/18 10:45 p.m., 1 views

Cross-site Scripting (XSS)

Overview: kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the function handler in the Vega AST evaluator. An attacker can execute arbitrary scripts in the...

6.1 CVSS, 5.4 AI score, 0.00086 EPSS
Exploits: 0, References: 2