CVE-2025-60298

Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and...

EUVD-2025-32189

Malicious code in bioql PyPI...

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting XSS in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting XSS in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting XSS in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...

PT-2025-40403

Name of the Vulnerable Software and Affected Versions htmly version 3.0.8 Description The application is susceptible to Cross Site Scripting XSS due to insufficient sanitization of user-supplied input. Specifically, the /author/:name API endpoint does not properly sanitize the name parameter befo...

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting XSS in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...