8 matches found
EUVD-2025-9754
Malicious code in bioql PyPI...
CVE-2025-3189
Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...
CVE-2025-3189
Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...
CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP
Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...
CVE-2025-3189
CVE-2025-3189 affects DoWISP before 1.16.2.50. A stored XSS flaw arises when a malicious SVG profile picture is uploaded, allowing code execution within DoWISP view contexts. Connected sources consistently report the same vulnerability and version boundary. The CVSS 4.0 vector indicates network a...
CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP
Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...
DoWISP 操作系统命令注入漏洞
DoWISP is a full-service cloud-based management software for Internet Service Providers ISPs from DoWISP, Inc. An operating system command injection vulnerability exists in DoWISP versions prior to 1.16.2.50, which stems from the fact that uploading a malicious profile picture in SVG format can...
PT-2025-14784 · Dowisp · Dowisp
Name of the Vulnerable Software and Affected Versions: DoWISP versions prior to 1.16.2.50 Description: The issue is related to a Stored Cross-Site Scripting XSS in DoWISP, where an attacker can upload a profile picture in SVG format containing malicious JavaScript code, leading to the execution o...