222284 matches found

Snyk ‱ added 2026/02/03 8:37 p.m. ‱ 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG file upload process. An attacker can execute arbitrary scripts in the context of a user's browser session by uploading a specially crafted SVG file. Details: Cross-site scripting or XSS is a code...

CVSS 6.1 ‱ AI score 5.6 ‱ EPSS 0.00251
Exploits: 1 ‱ References: 3

Snyk ‱ added 2026/02/03 8:37 p.m. ‱ 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG file upload process. An attacker can execute arbitrary scripts in the context of a user's browser session by uploading a specially crafted SVG file. Details: Cross-site scripting or XSS is a code...

CVSS 6.1 ‱ AI score 5.6 ‱ EPSS 0.00251
Exploits: 1 ‱ References: 3

Github Security Blog ‱ added 2026/02/03 6:30 p.m. ‱ 7 views

FUXA allows Remote Code Execution (RCE) via the project import functionality.

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

CVSS 9.8 ‱ AI score 5.7 ‱ EPSS 0.00416
Exploits: 0 ‱ References: 3 ‱ Affected Software: 1

OSV ‱ added 2026/02/03 6:16 p.m. ‱ 3 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

CVSS 9.8 ‱ AI score 5.8
Exploits: 0 ‱ References: 1

ATTACKERKB ‱ added 2026/02/03 4:52 p.m. ‱ 4 views

CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

CVSS 6.4 ‱ AI score 5.4 ‱ EPSS 0.00291
Exploits: 1 ‱ References: 4

Cvelist ‱ added 2026/02/03 4:52 p.m. ‱ 63 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

CVSS 6.4 ‱ EPSS 0.00291
Exploits: 1 ‱ References: 4

OSSF Malicious Packages ‱ added 2026/02/03 9:30 a.m. ‱ 5 views

Malicious code in tableshow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4fe9c764b4cb621cdd65c3dee4c4cf00cc273aab33642ebce5690b3d5c8d71e1 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score 5.8
Exploits: 0 ‱ References: 3

OSV ‱ added 2026/02/03 7:49 a.m. ‱ 9 views

MAL-2026-686 Malicious code in tableapys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aff2faef3705b6233a6df3d6b39f4f9b88ff522aa7c343cd8d36eb1a40405d6 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score 5.8
Exploits: 0 ‱ References: 3

Github Security Blog ‱ added 2026/02/03 12:30 a.m. ‱ 5 views

Tendenci CMS Contains a Cross-site Scripting Vulnerability in its Jobs Module

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVSS 5.4 ‱ AI score 5.6 ‱ EPSS 0.00235
Exploits: 1 ‱ References: 4 ‱ Affected Software: 1

OSV ‱ added 2026/02/03 12:16 a.m. ‱ 0 views

UBUNTU-CVE-2025-61637

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

CVSS 4.8 ‱ AI score 5.8 ‱ EPSS 0.00219
Exploits: 0 ‱ References: 4

CNNVD ‱ added 2026/02/03 12:0 a.m. ‱ 3 views

Brocade SANnav security vulnerability

Brocade SANnav is a storage area network management software developed by the American company Brocade. Prior to version 3.0 of Brocade SANnav, there were security vulnerabilities. These vulnerabilities stemmed from issues with migration scripts, which could lead to SQL queries from the database...

CVSS 7.5 ‱ AI score 5.9 ‱ EPSS 0.00178
Exploits: 0 ‱ References: 1

Vulnrichment ‱ added 2026/02/03 12:0 a.m. ‱ 3 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

AI score 5.8 ‱ EPSS 0.00416
Exploits: 0 ‱ References: 1

Cvelist ‱ added 2026/02/03 12:0 a.m. ‱ 25 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

EPSS 0.00416
Exploits: 0 ‱ References: 1

ATTACKERKB ‱ added 2026/02/03 12:0 a.m. ‱ 4 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

AI score 5.7 ‱ EPSS 0.00416
Exploits: 0 ‱ References: 2

EUVD ‱ added 2026/02/03 12:0 a.m. ‱ 5 views

EUVD-2025-206715

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

AI score 5.7 ‱ EPSS 0.00416
Exploits: 0 ‱ References: 1

Positive Technologies ‱ added 2026/02/03 12:0 a.m. ‱ 4 views

PT-2026-5981

Name of the Vulnerable Software and Affected Versions: FUXA version 1.2.7. Description: FUXA version 1.2.7 contains a Remote Code Execution (RCE) issue through the project import functionality. The application fails to properly sanitize or sandbox user-supplied scripts within imported project files. A...

CVSS 9.8 ‱ AI score 5.7 ‱ EPSS 0.00416
Exploits: 0 ‱ References: 7

Positive Technologies ‱ added 2026/02/03 12:0 a.m. ‱ 3 views

PT-2026-5824

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file...

CVSS 8.8 ‱ AI score 5.9 ‱ EPSS 0.00471
Exploits: 1 ‱ References: 4

CVE ‱ added 2026/02/03 12:0 a.m. ‱ 8 views

CVE-2025-69983

FUXA v1.2.7 is affected by a Remote Code Execution (RCE) vulnerability through the project import functionality. The root cause is improper sanitization/sandboxing of user-supplied scripts within imported project files, enabling an attacker to upload a malicious project containing system commands...

CVSS 9.8 ‱ AI score 5.7 ‱ EPSS 0.00416
Exploits: 0 ‱ References: 1 ‱ Affected Software: 1

Positive Technologies ‱ added 2026/02/03 12:0 a.m. ‱ 5 views

PT-2026-6408

Summary: FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...

CVSS 8.3 ‱ AI score 6.4 ‱ EPSS 0.00473
Exploits: 3 ‱ References: 5

GitLab Advisory Database ‱ added 2026/02/03 12:0 a.m. ‱ 3 views

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping...

CVSS 8.8 ‱ AI score 5.8 ‱ EPSS 0.00176
Exploits: 0 ‱ References: 5 ‱ Affected Software: 1