79 matches found
CVE-2026-45551 Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...
cross-site-scripting-lab
XSS Lab Documentation Overview What Is Cross-Site Scr...
CVE-2026-33061
CVE-2026-33061 affects Jexactyl (previously named Exactyl), a configurable game management panel and billing system. The issue arises from injecting server-side objects into client-side JavaScript via resources/views/templates/wrapper.blade.php, where unescaped {!! json_encode(...) !!} is used wi...
CVE-2025-9292
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
CVE-2025-9292
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
CVE-2025-9292
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
CVE-2025-9292 Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
CVE-2025-9292
The CVE-2025-9292 affects Omada Cloud Controllers (TP-Link). A permissive web security policy may bypass cross-origin restrictions under specific conditions, enabling potentially unauthorized disclosure of sensitive data when a client-side injection vulnerability is present and the attacker has a...
PT-2026-7955
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
Client-Side Content Injection (XSS)
dotnetnuke.core is vulnerable to Client-Side Content Injection XSS. The vulnerability is due to improper validation of query parameters, which allows an attacker to load and exploit vulnerable themes on client browsers without the site owner’s knowledge...
EUVD-2020-30257
Malware in sbrugna...
EUVD-2024-52722
Malicious code in bioql PyPI...
EUVD-2024-52724
Malicious code in bioql PyPI...
EUVD-2024-35000
Malicious code in bioql PyPI...
EUVD-2024-52723
Malicious code in bioql PyPI...
EUVD-2024-52996
Malicious code in bioql PyPI...
EUVD-2024-52720
Malicious code in bioql PyPI...
EUVD-2024-52721
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-13262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on...
CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the lastname parameter the General Information module...