CVE-2021-33179

The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload...

EUVD-2019-0834

Malware in sbrugna...

EUVD-2018-8642

Malware in sbrugna...

EUVD-2019-4623

Malware in sbrugna...

EUVD-2019-10695

Malware in sbrugna...

EUVD-2019-16200

Malware in sbrugna...

EUVD-2024-47515

Malicious code in bioql PyPI...

EUVD-2024-16347

Malicious code in bioql PyPI...

EUVD-2021-9105

Malicious code in bioql PyPI...

EUVD-2023-43235

Malicious code in bioql PyPI...

EUVD-2023-33404

Malicious code in bioql PyPI...

EUVD-2022-24917

Malicious code in bioql PyPI...

EUVD-2023-31048

Malicious code in bioql PyPI...

EUVD-2022-38844

Malicious code in bioql PyPI...

CVE-2025-4439

CVE-2025-4439 : In GitLab CE/EE, versions 15.10 up to before 18.0.5, 18.1 up to before 18.1.3, and 18.2 up to before 18.2.1 are affected by a cross-site scripting vulnerability (CVE-2025-4439) described as an issue of improper neutralization of input during web page generation. The flaw could all...

CVE-2025-49462

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access...

CVE-2024-9017 PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description

The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-3899

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

CVE-2025-20088

Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...

CVE-2022-28599

A stored cross-site scripting XSS vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack...