30 matches found
CVE-2025-13650
An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...
CVE-2019-11813
An issue was discovered in app/View/Elements/Events/View/valuefield.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links...
CVE-2019-12445
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS...
EUVD-2018-9728
Malware in sbrugna...
EUVD-2019-7977
Malware in sbrugna...
EUVD-2019-5566
Malware in sbrugna...
EUVD-2019-5062
Malware in sbrugna...
EUVD-2018-12881
Malware in sbrugna...
EUVD-2017-4498
Malware in sbrugna...
EUVD-2022-43608
Malicious code in bioql PyPI...
EUVD-2022-27275
Malicious code in bioql PyPI...
EUVD-2023-58668
Malicious code in bioql PyPI...
EUVD-2023-27012
Malicious code in bioql PyPI...
EUVD-2022-32537
Malicious code in bioql PyPI...
EUVD-2025-16176
Malicious code in bioql PyPI...
CVE-2025-54783
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...
CVE-2025-54783 SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...
CVE-2025-7363 TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function
The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the titleiconunicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript...
CVE-2025-47056
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-57329
HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads...