7 matches found
EUVD-2025-34777
A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /setalias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...
EUVD-2025-28816
Malicious code in bioql PyPI...
CVE-2025-9718
CVE-2025-9718 affects O2OA up to 10.0-410, specifically the Personal Profile Page component’s file /x_processplatform_assemble_designer/jaxrs/process. The vulnerability arises from manipulating the name/alias argument, enabling cross-site scripting; the issue is remotely exploitable and has been ...
PT-2025-35392
Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A security flaw exists in O2OA that allows for cross site scripting. The issue is located in an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process within the Personal Profile...
CVE-2025-9234
A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenanceevents.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2024-6303 Missing Authorization in Conduit
Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, signing json with the...
PT-2023-30462 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.110 Description: A critical issue was found in DedeCMS, affecting the /uploads/tags.php file. The manipulation of the tag alias argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...