99 matches found
EUVD-2025-15235
Malicious code in bioql PyPI...
EUVD-2022-32375
Malicious code in bioql PyPI...
EUVD-2022-31129
Malicious code in bioql PyPI...
EUVD-2022-47306
Malicious code in bioql PyPI...
CVE-2025-9440 1000projects Online Project Report Submission and Evaluation System add_title.php cross site scripting
A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/addtitle.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2025-51990
XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An authenticated administrator can inject arbitrary JavaScript payloads into the HTTP...
CVE-2025-7808
The CVE-2025-7808 issue affects the WP Shopify WordPress plugin prior to version 1.5.4, where an input parameter is not sanitized/escaped before being reflected on the page, enabling a Reflected XSS against high-privilege users (e.g., admins). Multiple sources (Red Hat, patchstack, NVD/NVD-enrich...
CVE-2025-53923 Emlog vulnerable to reflected Cross-site Scripting in admin panel
Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...
CVE-2025-50695
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting XSS in /admin/view-booking-detail.php and /admin/invoice-generating.php...
CVE-2025-44115
CVE-2025-44115 affects Cotonti Siena v0.9.25. The vulnerability is a cross-site scripting (XSS) flaw in the admin endpoint at /admin.php?m=config&n=edit&o=core&p=title where the value of the title parameter can be manipulated to inject script. According to connected sources, exploitation requires...
CVE-2025-5177
A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to cross site scripting. The...
CVE-2024-27626
A Reflected Cross-Site Scripting XSS vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...
CVE-2024-12736
The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-3182
The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2803
The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-4325
The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin...
CVE-2022-1566
The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...
CVE-2022-3139
The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12770
The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10143
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...