CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVE-2018-1000113

A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...

EUVD-2003-0970

Malware in sbrugna...

EUVD-2007-2572

Malware in sbrugna...

EUVD-2015-2835

Malware in sbrugna...

EUVD-2019-17840

Malware in sbrugna...

EUVD-2004-0301

Malware in sbrugna...

EUVD-2008-5559

Malware in sbrugna...

EUVD-2004-2438

Malware in sbrugna...

EUVD-2022-3757

Malicious code in bioql PyPI...

MediaWiki >= 2.4.2 < 3.3.1 Multiple Vulnerabilities

MediaWiki is prone to multiple vulnerabilities. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVE-2025-49578

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

CVE-2023-47119

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

CVE-2020-29653

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags...

CVE-2019-10335

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...

CVE-2011-5287

Multiple cross-site scripting XSS vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 hesksettingstmptitle or 2 hesklangENCODING parameter to inc/header.inc.php; the hesklangattempt parameter to 3 inc/assignmentsearch.inc.php, 4...

ROS-20240729-11

A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...

XWiki Commons 跨站脚本漏洞

XWiki Commons is a technology library shared by several other top XWiki projects of the French XWiki Foundation. A cross-site scripting vulnerability exists in XWiki Commons. An attacker can exploit this vulnerability to inject arbitrary HTML code...