EUVD-2026-28795

i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...

CVE-2023-53938

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

CVE-2023-53938

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

PT-2025-52317

Name of the Vulnerable Software and Affected Versions RockMongo version 1.1.7 Description RockMongo 1.1.7 contains a stored cross-site scripting issue that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit this by submitting crafted...

CVE-2022-35224

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...

CVE-2021-38183

SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in...

CVE-2021-33696

SAP BusinessObjects Business Intelligence Platform Crystal Report, versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site...

CVE-2020-6257

SAP Business Objects Business Intelligence Platform CMC and BI Launchpad 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...

CVE-2020-6213

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTPHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting XSS via different URL parameters as it does not sufficiently encode user controlled inputs...

CVE-2019-0326

SAP BusinessObjects Business Intelligence Platform BI Workspace Enterprise, versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2018-18776

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product...

CVE-2018-2472

SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Web Intelligence DHTML client does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2018-2415

SAP NetWeaver Application Server Java Web Container and HTTP Service Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50 do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are...