255 matches found
EUVD-2018-2052
Malware in sbrugna...
EUVD-2019-13785
Malware in sbrugna...
EUVD-2018-12426
Malware in sbrugna...
EUVD-2019-13991
Malware in sbrugna...
EUVD-2022-36210
Malicious code in bioql PyPI...
CVE-2025-52462
Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL...
CVE-2025-52462
CVE-2025-52462 is a Cross-site scripting vulnerability affecting Active! mail versions 6.30.01004145 through 6.60.06008562. The issue can allow arbitrary script execution in the logged-in user’s browser when visiting a specially crafted URL. Affected product: Active! mail. Remediation per multipl...
GHSA-79M3-RVX2-3QQ9 Reflected Cross-Site Scripting (XSS) in module actions in edit mode
A specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions...
CVE-2022-33165
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 228582...
CVE-2023-38012 IBM Cloud Pak System directory traversal
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-41784 IBM Sterling Secure Proxy directory traversal
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences /.../ to view arbitrary files on the system...
CVE-2024-8942
Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting XSS, due to the lack of input validation, affecting the “idformmsgtitle” parameter, among others. This vulnerability could allow a remote user to send a specially crafted URL to a victim and retrieve their...
CVE-2024-8942 Cross-site Scripting vulnerability on Scriptcase
Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting XSS, due to the lack of input validation, affecting the “idformmsgtitle” parameter, among others. This vulnerability could allow a remote user to send a specially crafted URL to a victim and retrieve their...
CVE-2024-6456
AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...
CVE-2024-33993
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...
CVE-2024-33988
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and...
CVE-2024-33985
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php...
CVE-2024-33994
The CVE-2024-33994 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System version 1.0. The issue is triggered by crafting a URL that targets the view parameter in /event/index.php, enabling an attacker to obtain a victim’s session details. The NVD entry lists the a...
CVE-2024-33993 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...
CVE-2024-33993
CVE-2024-33993 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0. The issue is triggered when an attacker constructs a specially crafted URL exploiting the 'view' parameter in /candidate/index.php to obtain a victim’s session details. The connected source...