50 matches found

CNNVD · added 2026/05/07 12:00 a.m.

Weblate security vulnerability

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability caused by the Markdown renderer used in user comments and other user-generated content not properly cleaning certain...

CVSS 4.3 · AI score 5.8 · EPSS 0.00011
Exploits 0 · References 1
CVE · added 2026/04/04 1:51 p.m.

CVE-2018-25249

CVE-2018-25249 concerns the MyBB My Arcade Plugin 1.3, which contains a persistent cross-site scripting (XSS) vulnerability in the arcade game score comments. The issue allows authenticated users to inject HTML/JavaScript payloads in the comment field, which execute when other users view or edit ...

CVSS 6.4 · AI score 5.9 · EPSS 0.0001
Exploits 1 · References 3 · Affected software 1
EUVD · added 2025/10/07 12:30 a.m.

EUVD-2018-11265

Malware in sbrugna...

CVSS 8.1 · AI score 8.1 · EPSS 0.0017
Exploits 0 · References 3
EUVD · added 2025/10/07 12:30 a.m.

EUVD-2018-6686

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.02911
Exploits 0 · References 3
EUVD · added 2025/10/07 12:30 a.m.

EUVD-2005-2153

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00502
Exploits 0 · References 5
EUVD · added 2025/10/07 12:30 a.m.

EUVD-2015-6901

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00336
Exploits 1 · References 5
EUVD · added 2025/10/07 12:30 a.m.

EUVD-2021-0945

Malware in sbrugna...

CVSS 7.1 · AI score 6.5 · EPSS 0.00335
Exploits 1 · References 7
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2023-1210

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.00838
Exploits 0 · References 4
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2025-18810

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.4 · EPSS 0.00139
Exploits 0 · References 1
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2024-19966

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 5.8 · EPSS 0.002
Exploits 1 · References 1
RedhatCVE · added 2025/05/23 11:59 a.m.

CVE-2025-22828

CloudStack users can add and read comments (annotations) on resources they are authorised to access. Due to an access validation issue affecting Apache CloudStack versions from 4.16.0, users who have access, prior access, or knowledge of resource UUIDs can list and add comments (annotations) to suc...

CVSS 4.3 · AI score 6.7 · EPSS 0.23075
Exploits 0 · References 1
RedhatCVE · added 2025/05/23 3:45 a.m.

CVE-2023-30959

In Apollo change requests, comments added by users could contain a javascript: URI link that, when rendered, results in an XSS that requires user interaction...

CVSS 5.4 · AI score 6 · EPSS 0.00175
Exploits 0 · References 1
RedhatCVE · added 2025/05/22 5:09 p.m.

CVE-2020-23960

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator: (1) approve users' comments in bulk, (2) restore a deleted user, (3) install or run modules, (4) reset the...

CVSS 8.8 · AI score 7.3 · EPSS 0.00205
Exploits 0
Hacker One · added 2024/06/14 9:31 a.m.

HackerOne: Private draft report exposure in a program a user is added as a viewer to

A vulnerability was identified where adding a user as a program viewer caused them to be subscribed to draft reports within that program. This subscription resulted in the program viewer receiving notifications for every comment posted on a draft report. The vulnerability led to the exposure of...

AI score 6.9
Exploits 0
NVD · added 2024/01/17 9:15 p.m.

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary JavaScript code. The HTML template user.html contains the following code snippet to render comments made by a user: {{comment[2]|safe}}. Use of the "safe" tag...

CVSS 6.5 · AI score 6.9 · EPSS 0.002
Exploits 1 · References 1
Prion · added 2024/01/17 9:15 p.m.

Design/Logic Flaw

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary JavaScript code. The HTML template user.html contains the following code snippet to render comments made by a user: {{comment[2]|safe}}. Use of the "safe" tag...

CVSS 4.9 · AI score 7.8 · EPSS 0.002
Exploits 1 · References 1 · Affected software 1
CVE · added 2024/01/17 8:25 p.m.

CVE-2024-22414

CVE-2024-22414 affects the flaskBlog app. The root cause is improper storage/rendering on the /user/ page due to using the template snippet {{comment[2]|safe}}, which disables HTML escaping via the safe filter. As a result, user comments can render arbitrary JavaScript, enabling XSS. A remediatio...

CVSS 6.5 · AI score 6 · EPSS 0.002
Exploits 1 · References 1 · Affected software 1
Positive Technologies · added 2024/01/17 12:00 a.m.

PT-2024-19405 · Flaskblog · Flaskblog

Name of the vulnerable software and affected versions: flaskBlog (affected versions not specified). Description: The issue is related to improper storage and rendering of user comments on the /user/ page, allowing arbitrary JavaScript code execution. This is due to the use of the |safe tag in the...

CVSS 6.5 · AI score 5.5 · EPSS 0.002
Exploits 1 · References 5
NVD · added 2023/09/27 3:18 p.m.

CVE-2023-30959

In Apollo change requests, comments added by users could contain a javascript: URI link that, when rendered, results in an XSS that requires user interaction...

CVSS 5.4 · AI score 4.5 · EPSS 0.00175
Exploits 0 · References 1
Positive Technologies · added 2023/09/26 12:00 a.m.

PT-2023-23087 · Apollo · Apollo

Name of the vulnerable software and affected versions: Apollo (affected versions not specified). Description: The issue allows comments added by users in Apollo change requests to contain a javascript: URI link. When rendered, this link can result in a cross-site scripting (XSS) attack that requires us...

CVSS 5.4 · AI score 5.2 · EPSS 0.00175
Exploits 0 · References 4
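The flaskBlog and Apollo entries above describe two distinct comment-rendering mistakes: interpolating comment text with escaping disabled ({{comment[2]|safe}}), and rendering a user-supplied link whose scheme is javascript:. The following Python is an added example, not code from flaskBlog, Apollo, or any other project on this page, and it does not reproduce either project's actual fix. It uses only the standard library; the sample comments, the function names (unsafe_render, safe_href, safe_render, render_all) and the allowed-scheme list are constructed for illustration. It puts an escaping-disabled renderer beside a hardened one that escapes the text and permits only http, https, mailto and same-origin relative links, normalising the href the way browsers do before checking its scheme.

```python
"""Rendering untrusted comments: the `|safe` pattern beside a hardened renderer.

Added example, not code from flaskBlog, Apollo, or any project on this page.
Standard library only; sample comments and helper names are constructed.
"""
import html
import re

# Policy: link schemes a comment may use. Including `mailto` is a choice, not a
# requirement; data:, javascript:, vbscript: and friends are never on this list.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# Browsers strip leading/trailing C0 controls and spaces from a URL and delete
# tab/CR/LF anywhere in it before parsing (WHATWG URL spec), so "\tjavascript:"
# and "java\nscript:" are still javascript: URLs. Mirror that before checking.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def unsafe_render(text, href=None):
    """What {{ comment|safe }} amounts to: raw strings dropped into HTML.

    Vulnerable by design; kept only to contrast with safe_render().
    """
    if href is None:
        return f"<p>{text}</p>"
    return f'<p><a href="{href}">{text}</a></p>'


def safe_href(raw):
    """Return a normalised href if its scheme passes policy, otherwise None."""
    # Decode entities first so "&#106;avascript:" is judged as "javascript:".
    url = html.unescape(raw).strip(_C0_AND_SPACE)
    url = url.replace("\t", "").replace("\r", "").replace("\n", "")
    m = _SCHEME_RE.match(url)
    if m:
        return url if m.group(1).lower() in ALLOWED_SCHEMES else None
    # No scheme: allow same-origin paths only. "//host/..." is scheme-relative
    # and would point off-site, so it is rejected along with bare words.
    if url.startswith("/") and not url.startswith("//"):
        return url
    return None


def safe_render(text, href=None):
    """Escape the comment text; emit a link only when its scheme passes policy."""
    body = html.escape(text, quote=True)
    url = safe_href(href) if href is not None else None
    if url is None:
        # Link rejected (or absent): keep the comment, drop the link.
        return f"<p>{body}</p>"
    return (f'<p><a href="{html.escape(url, quote=True)}" '
            f'rel="noopener noreferrer">{body}</a></p>')


# Constructed sample comments (not data from any advisory on this page).
SAMPLE_COMMENTS = [
    ("Nice post!", "https://example.org/"),
    ('<img src=x onerror="alert(1)">', None),            # markup in the text
    ("click me", "javascript:alert(document.cookie)"),   # plain javascript: URI
    ("click me", " \tJaVaScRiPt:alert(1)"),              # whitespace and case tricks
    ("click me", "&#106;avascript:alert(1)"),            # entity-encoded scheme
    ("see also", "/posts/1"),                            # same-origin relative link
]


def render_all(comments, renderer):
    """Render every (text, href) pair with the given renderer."""
    return [renderer(text, href) for text, href in comments]


if __name__ == "__main__":
    for unsafe, safe in zip(render_all(SAMPLE_COMMENTS, unsafe_render),
                            render_all(SAMPLE_COMMENTS, safe_render)):
        print("unsafe:", unsafe)
        print("safe:  ", safe)
        print()
```

The scheme check is deliberately an allowlist on the normalised URL rather than a `startswith("javascript:")` denylist: a denylist misses the case, whitespace and entity variants in the sample list, and says nothing about data: or vbscript:. When a comment's link is rejected the text is still shown, which is usually the right trade-off for user comments.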