42 matches found
EUVD-2021-11566
Malware in sbrugna...
EUVD-2021-11626
Malware in sbrugna...
EUVD-2022-24351
Malicious code in bioql PyPI...
CVE-2022-1001
The WP Downgrade WordPress plugin before 1.2.3 only performs client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is...
CVE-2025-46721
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user's behal...
PT-2023-8750 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified). Description: The issue is related to the Quarkus Form Authentication session cookie Path attribute being set to /, which may lead to a cross-site attack and potentially result in Information Disclosure...
SAP Enable Now Cross-Site Scripting Vulnerability
SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning and training in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now 10 version 1. The vulnerability stems from failure to...
CVE-2022-27779
A vulnerability was found in curl. The issue occurs because curl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the hostname is provided with a trailing dot. This flaw allows arbitrary sites to set cookies that get sent to a different and unrelated site or domain by a malicio...
WordPress plugin Donorbox cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions prior to WordPress plugin Donorbox 7.1.7. The vulnerability stems from the fact that...
CVE-2022-1001
CVE-2022-1001 corresponds to a stored Cross-Site Scripting vulnerability in the WordPress WP Downgrade plugin prior to version 1.2.3. The issue arises because the plugin validates the WordPress Target Version setting only on the client side and does not sanitize/escape it server-side, enabling hi...
CVE-2021-24714
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24714
CVE-2021-24714 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress)
14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers
Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious...
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
CVE-2021-24654
CVE-2021-24654 affects the WordPress plugin User Registration (before 2.0.2). The vulnerability arises because user_registration_profile_pic_url is not properly sanitised when submitted via the user_registration_update_profile_details AJAX action, allowing any authenticated user (e.g., a subscrib...
Pagekit Cross-Site Scripting Vulnerability
Pagekit is a modular, lightweight CMS content management system. Pagekit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...
Mattermost Cross-Site Scripting Vulnerability
Mattermost is an open source alternative to Slack. Developed in the Go language, Mattermost is an open source team communication service. Mattermost suffers from a cross-site scripting vulnerability that can be exploited by unauthenticated attackers to trigger cross-site attacks...
EaseUS CMS Message Storage Type Cross-site Scripting Vulnerability
EECO CMS is a marketing enterprise website system based on SEO development. A stored cross-site scripting vulnerability exists in the EE CMS message, due to the program not filtering the title and so on. This allows attackers to exploit the vulnerability to carry out cross-site attacks...