EUVD-2021-29663

Malicious code in bioql PyPI...

CVE-2020-26221

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser...

CVE-2024-36229

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-21497

Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability,...

CVE-2021-41541

A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The Group Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code...

Cross site scripting

A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code whi...

CVE-2021-42703

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action...

CVE-2021-42703

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action...

Deserialization of untrusted data

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action...

CVE-2021-22676

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting XSS, which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...

CVE-2020-26221

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser...

Cross site scripting

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser...

VulnCheck KEV: CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...