311 matches found
EUVD-2018-13358
Malware in sbrugna...
EUVD-2021-15889
Malware in sbrugna...
EUVD-2019-5890
Malware in sbrugna...
EUVD-2019-6242
Malware in sbrugna...
EUVD-2021-29625
Malicious code in bioql PyPI...
EUVD-2021-29623
Malicious code in bioql PyPI...
EUVD-2022-35232
Malicious code in bioql PyPI...
EUVD-2022-3314
Malicious code in bioql PyPI...
CVE-2022-30017
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing...
CVE-2021-42662
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run JavaScript commands on the web server surfer's behalf, which can lead to...
CVE-2021-29250
BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing...
CVE-2020-27885
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...
CVE-2020-26046
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors...
CVE-2019-14750
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...
CVE-2019-1010016
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...
Security Bulletin: Vulnerabilities in swagger-ui and Bootstrap affect watsonx.data
Summary: swagger-ui is vulnerable to conduct spoofing attacks. Bootstrap is vulnerable to cross-site scripting. These could affect watsonx.data. Vulnerability Details: CVEID: CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...
CVE-2022-1411
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...
MAL-2024-12308 Malicious code in my-main-manager (PyPI)
Source: kam193 ac004ff76ebc011d60ae86c56b7f57ddb6ac0d24ff0ddd9ad777319775f79282 While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing and keylogger. Th...
CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
UnoPim Cross-site Scripting vulnerability
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to steal cookies...