11 matches found
CVE-2026-2374
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `$_SERVER['PHP_SELF']` superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of `basename($_SERVER['PHP_SELF'])` in the...
EUVD-2023-38681
Malicious code in bioql PyPI...
CVE-2025-27448
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded...
CVE-2025-27448
CVE-2025-27448 affects Endress+Hauser MEAC300-FNADE4 web interface. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user input in the dashboard name. An attacker who can create dashboards can inject JavaScript into the dashboard name, which executes when th...
CVE-2024-37394
A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...
CVE-2024-37394
CVE-2024-37394 (REDCap): A stored XSS in REDCap 13.1.9 affects the Project Dashboards, allowing authenticated users to inject payloads into the Dashboard title and content. Exploitation leads to execution of malicious scripts when the dashboard is viewed. Red Hat CVE records mirror this issue fo...
Wowza Media Systems Wowza Streaming Engine cross-site scripting vulnerability
Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and extensible media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A cross-site scripting vulnerability exists in Wowza Media Systems Wowza...
Vaultwarden security vulnerability
Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust by individual developer Daniel García. A security vulnerability exists in Vaultwarden version 1.30.3, which stems from the presence of stored cross-site scripting (XSS) that allows an authenticated attacker to...
CVE-2022-3695
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allows a malicious URL to inject content into a dashboard when the CDE plugin is present...
Hitachi Vantara Pentaho Business Analytics Server cross-site scripting vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. (Japan). A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from allowing malicious URLs to inject conten...
SAP MII code injection vulnerability
SAP MII is a software application from SAP, Germany. It provides manufacturing operations management functions. SAP MII has a security vulnerability. SAP MII allows users to create dashboards via SSCE (Self Service Combined Environment) and save them as JSPs. An attacker can intercept requests to the...