CVE-2025-1484

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied ...

EUVD-2025-5539

Malicious code in bioql PyPI...

GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata

Summary An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...

CVE-2025-4779

lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting XSS. An unauthenticated attacker can inject malicious JavaScript into the v1/runs/ingest endpoint by adding an empty citations field, triggering a code path where dangerouslySetInnerHTML is used to render...

CVE-2018-1000847

FreshDNS version 1.0.3 and prior contains a Cross Site Scripting XSS vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Ful...

CVE-2024-51959

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...