222284 matches found

NVD
added 2026/01/23 5:16 p.m., 3 views

CVE-2021-47906

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...

CVSS 6.4 | EPSS 0.00197
Exploits: 0 | References: 4

NVD
added 2026/01/23 5:15 p.m., 10 views

CVE-2018-25132

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

CVSS 6.1 | EPSS 0.00203
Exploits: 1 | References: 3

NVD
added 2026/01/23 5:15 p.m., 6 views

CVE-2018-25116

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...

CVSS 6.1 | EPSS 0.00278
Exploits: 1 | References: 3

CVE
added 2026/01/23 4:47 p.m., 10 views

CVE-2021-47906

CVE-2021-47906 affects BloofoxCMS 0.5.2.1, with a stored cross-site scripting (XSS) vulnerability in the articles text parameter. The root cause is unfiltered user input in the text field, allowing authenticated attackers to inject JavaScript payloads that can execute in other users’ browsers and...

CVSS 6.4 | AI score 5.2 | EPSS 0.00197
Exploits: 0 | References: 4

Cvelist
added 2026/01/23 4:47 p.m., 26 views

CVE-2018-25116 MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...

CVSS 6.1 | EPSS 0.00278
Exploits: 1 | References: 3

OSV
added 2026/01/23 2:28 a.m., 3 views

GO-2026-4312 Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway

Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway...

CVSS 8.8 | AI score 5.8 | EPSS 0.00481
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/23 12:00 a.m., 5 views

PT-2026-4508

Name of the Vulnerable Software and Affected Versions: PEEL Shopping version 9.3.0. Description: PEEL Shopping 9.3.0 has a stored cross-site scripting issue in the 'Comments / Special Instructions' parameter of the purchase page. An attacker can inject malicious JavaScript payloads that execute when...

CVSS 7.2 | AI score 5 | EPSS 0.00225
Exploits: 0 | References: 5

OSV
added 2026/01/22 9:34 p.m., 4 views

MAL-2026-470 Malicious code in urlsssser (PyPI)

Per source details. Source: kam193 242b446cd6cce908f668bfc1b199aa8f54a9ee1138b399ea6012f3b2bd2624e8 Package does not contain malicious code, but was published as a part of the malicious campaign and is used during further infection stages. Category:...

AI score 5.6
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/22 4:52 p.m., 1 views

CVE-2025-69317

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS. This issue affects CarSpot: from n/a through 2.4.6...

CVSS 6.1 | AI score 5.2 | EPSS 0.00175
Exploits: 0 | References: 2

ICS
added 2026/01/22 7:00 a.m., 5 views

Delta Electronics DIAView

RISK EVALUATION: Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...

CVSS 9.8 | AI score 6.2 | EPSS 0.01356
Exploits: 0 | References: 10

ATTACKERKB
added 2026/01/22 3:31 a.m., 3 views

CVE-2026-24037

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

CVSS 5.4 | AI score 5.3 | EPSS 0.00227
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/01/22 12:00 a.m., 4 views

Rufus security vulnerabilities

Rufus is a reliable USB formatting tool developed by Pete Batard as an individual developer. Versions of Rufus 4.11 and earlier contained security vulnerabilities. These vulnerabilities stemmed from race conditions during the creation, validation, and execution of Fido PowerShell scripts, which...

CVSS 7.3 | AI score 6.1 | EPSS 0.00188
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/22 12:00 a.m., 3 views

PT-2026-4030

Name of the Vulnerable Software and Affected Versions: AdForest Elementor versions through 3.0.11. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, potentially leading to Reflected Cross-site Scripting (XSS). This means that malicious co...

AI score 5.4 | EPSS 0.0023
Exploits: 0 | References: 3

CVE
added 2026/01/21 5:27 p.m., 7 views

CVE-2021-47858

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting (XSS) vulnerability in the start_addr field of the Security Management interface. The vulnerability allows injecting scripts that persist and execute for privileged users when they access the security management page. A P...

CVSS 7.2 | AI score 5 | EPSS 0.00238
Exploits: 0 | References: 3

CVE
added 2026/01/21 5:27 p.m., 9 views

CVE-2021-47851

Mini Mouse 9.2.0 is affected by a remote code execution vulnerability exposed via an unauthenticated HTTP endpoint. The issue allows an attacker to download and execute payloads by sending crafted JSON to /op=command, resulting in arbitrary command execution with network access and high confident...

CVSS 9.8 | AI score 6.8 | EPSS 0.01044
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/01/21 9:25 a.m., 4 views

CVE-2025-41084

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS 5.1 | AI score 5.5 | EPSS 0.00331
Exploits: 0 | References: 1

Saint
added 2026/01/21 12:00 a.m., 101 views

Control Web Panel key parameter command injection

Added: 01/21/2026. Background: Control Web Panel is a web hosting panel for Linux. Problem: A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution: Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

AI score 6
Exploits: 0

Saint
added 2026/01/21 12:00 a.m., 97 views

Control Web Panel key parameter command injection

Added: 01/21/2026. Background: Control Web Panel is a web hosting panel for Linux. Problem: A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution: Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

AI score 6.2
Exploits: 0

Vulnrichment
added 2026/01/20 9:14 a.m., 3 views

CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS 5.1 | AI score 5.5 | EPSS 0.00331
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/20 12:00 a.m., 5 views

PT-2026-3640

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...

CVSS 6.1 | AI score 5.2 | EPSS 0.00168
Exploits: 2 | References: 3