EUVD-2025-10903

Malicious code in bioql PyPI...

CVE-2025-22373

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021...

CVE-2025-22373 XSS, HTML and Style injection on login page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021...

CVE-2024-6617 NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

PT-2024-5873

Name of the Vulnerable Software and Affected Versions Roundcube versions 1.5.0 through 1.5.7 Roundcube versions 1.6.0 through 1.6.7 Description The issue is related to the mod css styles function in Roundcube, which insufficiently filters Cascading Style Sheets CSS token sequences in rendered...

CVE-2024-42010

modcssstyles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets CSS token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

MAL-2022-1465 Malicious code in base-css-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f81c6f392029b9702f5a17b445a87e8a4378d5931d872e0755c58ae4c55ea005 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in base-css-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f81c6f392029b9702f5a17b445a87e8a4378d5931d872e0755c58ae4c55ea005 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Support drag-and-drop“click-hijacking vulnerability in”using the tools: CJExploiter-vulnerability warning-the black bar safety net

CJExploiter is a support drag-and-drop Clickjacking vulnerability using an auxiliary tool. First, in the local use browser to open“index.html”, enter the target URL and click on“View Site”to. You can customize the JS, and finally click on the“Exploit it”, you will be able to get the POC. !...