133 matches found
GHSA-R29H-37FJ-X2W6 Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
Summary There is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation. Details It is possible permanently save any HTML/JavaScript code in the application, which can be then executed in the context of the application domain. This behaviour can be used to extract and stea...
EUVD-2026-30155
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side...
HCL BigFix SCM Reporting 安全漏洞
HCL BigFix SCM Reporting is a security configuration management reporting component developed by the Indian company HCL. HCL BigFix SCM Reporting has a security vulnerability that stems from the use of outdated and unsupported jQuery 1.x libraries. This vulnerability may increase the risk of...
EUVD-2026-29487
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
Ivanti Xtraction is affected prior to version 2026.2 by CVE-2026-8043 due to external control of a file name. An authenticated remote attacker can read sensitive files and write arbitrary HTML files to a web directory, enabling information disclosure and potential client-side attacks. The vulnera...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
Ivanti Xtraction 安全漏洞
Ivanti Xtraction is a data analysis and visualization reporting platform developed by the American company Ivanti, designed for IT operations and service management scenarios. Versions of Ivanti Xtraction prior to 2026.2 contained security vulnerabilities. These vulnerabilities stemmed from...
EUVD-2021-34760
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
CVE-2021-47911
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
PT-2026-5556
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
EUVD-2024-55313
Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performi...
PT-2025-50534
Name of the Vulnerable Software and Affected Versions Chyrp version 2.5.2 Description An authenticated user can inject malicious scripts into post titles. This is a stored cross-site scripting issue. An attacker can create payloads within the title field that will execute when a post is viewed by...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
EUVD-2025-37918
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
EUVD-2018-18297
Malware in sbrugna...
EUVD-2018-1945
Malware in sbrugna...