25 matches found
EUVD-2025-22897
Malicious code in bioql PyPI...
Malicious code in react-native-chorus-player (npm)
The package react-native-chorus-player was found to contain malicious code...
MAL-2025-31810 Malicious code in react-native-chorus-player (npm)
The package react-native-chorus-player was found to contain malicious code...
CVE-2025-40730
HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...
CVE-2025-40730
The CVE-2025-40730 entry concerns HTML injection in Vox Media’s Chorus CMS. The vulnerability arises from an injection in the /search?q parameter, allowing an attacker to execute JavaScript in a victim’s browser and potentially steal session cookies or perform actions on behalf of the user. Affec...
CVE-2025-40730 HTML injection in Vox Media's Chorus CMS
HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...
Vox Media Chorus CMS Cross-Site Scripting Vulnerability
Vox Media Chorus CMS is a content publishing system from Vox Media, Inc. Vox Media Chorus CMS suffers from a cross-site scripting vulnerability that originates from HTML injection and could lead to cross-site scripting attacks...
PT-2025-31063 · Vox Media · Horus Cms
Name of the Vulnerable Software and Affected Versions: Vox Media Chorus CMS (affected versions not specified). Description: An HTML injection issue exists in Vox Media’s Chorus CMS. An attacker can execute JavaScript code in a victim’s browser by sending a malicious URL utilizing the q parameter in...
CVE-2023-29062
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, NBT-NS, or MDNS and will result in NTLMv2 hashes...
CVE-2023-29061
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication...
PT-2023-22117 · Unknown · Facschorus
Name of the Vulnerable Software and Affected Versions: FACSChorus workstation operating system (affected versions not specified). Description: The issue concerns the lack of restriction on devices that can interact with the USB ports of the FACSChorus workstation operating system. This could allow a...
chorus-a.de Improper Access Control vulnerability OBB-3778162
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
login1.chorus.co.nz Cross Site Scripting vulnerability OBB-2829957
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chorus-a.de Improper Access Control vulnerability OBB-2405515
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
durhamshoreschorus.com XSS vulnerability
Open Bug Bounty ID: OBB-500994. Affected Website: durhamshoreschorus.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; Disclosure Standard: Coordinated...
indianapoliswomenschorus.org XSS vulnerability
Open Bug Bounty ID: OBB-481386. Affected Website: indianapoliswomenschorus.org; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; Disclosure Standard: Coordinated...
Kodi Local File Inclusion Information Disclosure
The Kodi media player server running on the remote host is affected by an information disclosure vulnerability in the Chorus web interface due to improper validation of user-supplied input to the /image/ script, specifically when path traversal is employed e.g., %2F in the URL. An unauthenticated...
DEBIAN-CVE-2017-5982
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...
Kodi 17.1 Local File Inclusion
Exploit Title: Kodi - Local File Inclusion; Date: 12 February 2017; Exploit Author: Eric Flokstra; Vendor Homepage: https://kodi.tv/; Software Link: https://kodi.tv/download/; Version: Kodi version 17.1 Krypton, Chorus version 2.4.2; Tested on: Linux; CVE: CVE-2017-5982. Kodi formerly XBMC is a free and...