CVE-2026-44259
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...
EUVD-2000-0328
Malware in sbrugna...
EUVD-2014-3856
Malware in sbrugna...
CVE-2004-2291
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut link to execute the target script...
CVE-2024-52305
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...
CVE-2024-52305 UnoPim Stored XSS : Cookie hijacking through Create User function
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...
CVE-2024-52305
CVE-2024-52305 affects UnoPim (Laravel). The issue resides in the Create User flow, where uploading a profile image (notably SVG) can execute embedded scripts, enabling a stored XSS that can steal cookies and potentially hijack sessions. Affected versions include the UnoPim releases prior to the ...
CVE-2024-7847
VULNERABILITY DETAILS: Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a...
CVE-2024-7847 RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
VULNERABILITY DETAILS: Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a...
CVE-2020-7304
Cross-site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows an authenticated remote attacker to embed a CSRF script via adding a new label...
CVE-2014-3919
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious script in an unspecified page, which could let a malicious user obtain sensitive information...
CVE-2018-7834
A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user...
Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer
Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware on their computers. Discovered by researchers at Cymulate, the bug abuse...
projectpier-xssxsrf.txt
ProjectPier. Impact: Cross Site Scripting, Cross Site Request Forgery. Status: patch available. Affected software description: Application: ProjectPier. Version: = 0.80...
Cross-site scripting vulnerability warning: the black bar safety net
What is cross-site scripting (CSS/XSS)? Cross-site scripting refers to data with a malicious purpose being inserted into the HTML code of a remote web page. The user believes the page is trustworthy, but when the browser downloads the page, the embedded script is interpreted. Sometimes...
CVE-2004-2291
CVE-2004-2291 affects Microsoft Windows Internet Explorer 5.5 and 6.0. A remote attacker can run arbitrary code by delivering an embedded script that uses Shell Helper objects and a shortcut (link) to trigger the target script. No exploitation details are provided in the connected documents. No r...
CVE-2000-0329
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability...