Zabbix 6.0.x < 6.0.45 / 7.0.x < 7.0.24 / 7.4.x < 7.4.8 XSS (ZBX-27760)

The version of Zabbix Server installed on the remote host is prior to 6.0.45, 7.0.24, 7.4.8. It is, therefore, affected by a stored cross-site scripting XSS vulnerability. The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML displ...

CVE-2023-49743

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1...

EUVD-2005-1729

Malware in sbrugna...

EUVD-2023-56984

Malicious code in bioql PyPI...

EUVD-2023-30314

Malicious code in bioql PyPI...

EUVD-2025-18185

Malicious code in bioql PyPI...

EUVD-2023-53666

Malicious code in bioql PyPI...

EUVD-2024-19851

Malicious code in bioql PyPI...

CVE-2025-49185

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...

CVE-2025-49185

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...

CVE-2025-49185

CVE-2025-49185 is a stored cross-site scripting vulnerability affecting SICK Field Analytics and SICK Media Server. The issue arises in dashboard widgets: an attacker who can create new widgets can inject malicious JavaScript into the Transform Function, which executes when the widget processes d...

CVE-2025-49185 Stored Cross-Site-Script

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...

CVE-2025-49185 Stored Cross-Site-Script

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...

SICK Field Analytics和SICK Media Server 跨站脚本漏洞

SICK Field Analytics and SICK Media Server are both products of the German company SICK.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from the...

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2023-32532

Certain dashboard widgets on Trend Micro Apex Central on-premise are vulnerable to cross-site scripting XSS attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535...

CVE-2024-22290

Cross-Site Request Forgery CSRF vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting XSS.This issue affects Custom Dashboard Widgets: from n/a through 1.3.1...

WordPress Dashboard Widgets Suite plugin <= 3.4.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Dashboard Widgets Suite versions = 3.4.3...

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-0979

CVE-2024-0979 affects the WordPress plugin Dashboard Widgets Suite. The vulnerability is a Reflected Cross‑Site Scripting (XSS) via the tab parameter in all versions up to and including 3.4.3, caused by insufficient input sanitization and output escaping. It permits unauthenticated attackers to i...