Lucene search

15 matches found

EUVD
added 2026/05/27 6:30 p.m. · 13 views

EUVD-2026-32627

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

8.7 CVSS · 5.9 AI score · 0.00031 EPSS
Exploits 0 · References 3
CVE
added 2026/05/27 6:30 p.m. · 12 views

CVE-2026-42197

CVE-2026-42197 affects RELATE, a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 are vulnerable to a stored XSS via an unprivileged user profile. The vulnerability arises in the get_user() method of ParticipationAdmin, which renders user-controlled ...

8.7 CVSS · 5.9 AI score · 0.00031 EPSS
Exploits 0 · References 3
NVD
added 2026/03/20 3:16 a.m. · 1 views

CVE-2026-32891

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any account holder to execute arbitrary JavaScript in the...

9 CVSS · 0.00025 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-6675

Malware in sbrugna...

6.1 CVSS · 6.2 AI score · 0.01038 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25890

Malicious code in bioql PyPI...

9.4 CVSS · 6.2 AI score · 0.0006 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/27 12:0 a.m. · 1 views

PT-2025-34846 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET (affected versions not specified). Description: Unauthenticated access to the /cgi-bin/CliniNET.prd/GetActiveSessions.pl endpoint allows takeover of any user session logged into the system, including those with administrative privileges...

9.4 CVSS · 5.8 AI score · 0.0006 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/22 10:54 a.m. · 3 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1 CVSS · 6.3 AI score · 0.01038 EPSS
Exploits 0 · References 1
GithubExploit
added 2024/07/25 7:35 p.m. · 66 views

ItSourceCode "Online Blood Bank Management System in PHP" Stored XSS

Stored XSS in Online Blood Bank Management System V1.0...

6.1 AI score
Exploits 0
CNNVD
added 2022/02/01 12:0 a.m. · 3 views

WordPress Cross-Site Scripting Vulnerability

WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress plugin GDPR versions prior to 1.9.26. An attacker utilizing Javascript code may be able to execute on the victim's browser. If the victim is an administrator with a valid...

9.6 CVSS · 8.2 AI score · 0.17231 EPSS
Exploits 2 · References 2
ATTACKERKB
added 2022/01/04 10:0 p.m. · 5 views

CVE-2022-22115

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim...

9 CVSS · 7.2 AI score · 0.00373 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2017/10/11 1:32 a.m. · 10 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1 CVSS · 6.2 AI score
Exploits 0 · References 3
UbuntuCve
added 2017/10/11 1:32 a.m. · 19 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1 CVSS · 6.5 AI score · 0.01038 EPSS
Exploits 0 · References 4
Cvelist
added 2017/10/10 5:0 a.m. · 10 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.2 AI score · 0.01038 EPSS
Exploits 0 · References 3
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

XT:Commerce < 3.04 SP2.1 XSS Vulnerability

No description provided by source. Cross-Site-Scripting XT:Commerce 3.04 SP2.1. Affected Software: XT:Commerce 3.04 SP2.1 Venedor...

7.1 AI score
Exploits 0
Exploit DB
added 2010/11/11 12:0 a.m. · 31 views

XT:Commerce < 3.04 SP2.1 - Cross-Site Scripting

Cross-Site-Scripting XT:Commerce alertdocument.cookie and place an order. When the administrator opens the order in the backend of the shop, the javascript will be executed. By getting the cookie of the admin, the...

7 AI score
Exploits 0