15 matches found
EUVD-2020-5903
Malware in sbrugna...
EUVD-2025-25630
Malicious code in bioql PyPI...
CVE-2025-43765
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject...
CVE-2025-43765
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject...
CVE-2023-34103 Stored XSS (Cross Site Scripting) in html content based fields of avo
Avo is an open source Ruby on Rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...
CVE-2023-25439
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details...
PT-2022-23367 · Amasty +1 · Amasty Blog Pro +1
Name of the Vulnerable Software and Affected Versions: Amasty Blog Pro version 2.10.3 Description: The blog-post creation functionality in the Amasty Blog Pro plugin for Magento 2 allows injection of JavaScript code in the short content and full content fields, leading to XSS attacks against admi...
PluXml Cross-Site Scripting Vulnerability
PluXml is a free and open source content management system that does not require a database to work. A security vulnerability exists in PluXml v5.8.7 that allows an attacker to execute arbitrary web script or HTML via a crafted payload in the content and thumbnail parameters...
Cross site scripting
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to...
CVE-2020-13673
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to...
Chamilo LMS Cross-Site Scripting Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association that supports the creation of instructional content, remote training, and online question answering. Chamilo LMS is vulnerable to a cross-site scripting vulnerability that could be exploited to...
CVE-2020-15154
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js...
Cross Site Scripting in baserCMS
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS). Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...
PT-2018-9852 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: An issue was discovered in the content-management feature, which has Stored XSS via the title or content section. Recommendations: For WUZHI CMS version 4.1.0, update to a newer version that contains a fix...
Multiple Cross-Site Scripting Vulnerabilities in MetalGenix GeniXCMS
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in MetalGenix GeniXCMS version 0.0.3. The vulnerability exists...