13 matches found
CVE-2025-55266
CVE-2025-55266 concerns HCL Aftermarket DPC, where a session fixation flaw could allow an attacker to hijack a user session and perform unauthorized transactions on behalf of the user. The provided documents identify the impact (session takeover) and the affected product but do not specify affect...
EUVD-2024-2677
Malicious code in bioql PyPI...
EUVD-2024-32155
Malicious code in bioql PyPI...
EUVD-2024-34569
Malicious code in bioql PyPI...
CVE-2025-30039
Technical details about CVE-2025-30039 are not publicly available in the provided documents; no explicit affected products, versions, or remediation are given in connected documents. Monitor for updates.
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser
Impact: Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILESCREATE can exploit these vulnerabilities to upload arbitrary JavaScript code to the Graylog2 server,...
PT-2025-20319 · Maven · Org.Graylog2:Graylog2-Server
Impact: Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILES CREATE can exploit these vulnerabilities to upload arbitrary JavaScript code to the Graylog2 server,...
CVE-2025-46549 YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2024-8314
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Session vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...
CVE-2024-8314
CVE-2024-8314 affects B&R APROL
Cross Site Scripting
phpoffice/phpspreadsheet is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of spreadsheet styling information by \PhpOffice\PhpSpreadsheet\Writer\Html, which fails to remove or neutralize potentially harmful content before rendering it in HTML. It...
PT-2023-7322 · Unknown · Alumne Lms
Name of the Vulnerable Software and Affected Versions: Alumne LMS version 4.0.0.1.08. Description: A Cross-Site Scripting (XSS) issue has been found in Alumne LMS, where an attacker could exploit the localidad parameter to inject a custom JavaScript payload. This could allow the attacker to partiall...
CVE-2021-27416 Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...