450 matches found
EUVD-2006-3943
Malware in sbrugna...
EUVD-2008-7207
Malware in sbrugna...
EUVD-2007-3481
Malware in sbrugna...
EUVD-2021-0561
Malware in sbrugna...
EUVD-2024-44259
Malicious code in bioql PyPI...
EUVD-2022-33571
Malicious code in bioql PyPI...
EUVD-2025-30918
Malicious code in bioql PyPI...
EUVD-2023-42139
Malicious code in bioql PyPI...
EUVD-2025-31405
Malicious code in bioql PyPI...
CVE-2025-9816
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-9816
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-9816 WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-9816 WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-9816
CVE-2025-9816 : WP Statistics for WordPress is affected by unauthenticated Stored Cross‑Site Scripting via the User‑Agent header in all versions up to 14.5.4. Root cause: insufficient input sanitization and output escaping. Impact: arbitrary script injection executed when users load injected page...
PT-2025-39709
Name of the Vulnerable Software and Affected Versions WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin versions through 14.5.4 Description The software is susceptible to Stored Cross-Site Scripting through the User-Agent Header due to inadequate input sanitization and output...
WordPress plugin WP Statistics 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
GHSA-46V4-5MC8-Q2CF GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header in the Admin Log Viewer. An attacker can execute arbitrary web scripts in an administrator's browser by injecting crafted input, which is rendered when the security log page is viewed...