178 matches found
PT-2025-48463
Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0 Description The application does not properly sanitize or encode user-supplied input before rendering it, leading to a cross-site scripting XSS issue. An attacker can inject malicious JavaScript payload...
CVE-2025-63528
CVE-2025-63528 describes an XSS vulnerability in Blood Bank Management System 1.0, specifically in the blooddinfo.php component. The root cause is inadequate sanitization/encoding of user-supplied input, allowing an attacker to inject JavaScript payloads that execute in a victim’s browser when th...
CVE-2025-63534
CVE-2025-63534 describes a reflected XSS vulnerability in Blood Bank Management System 1.0, specifically in the login.php component. The root cause is improper sanitization/encoding of user-provided input, allowing an attacker to inject JavaScript via the msg and error parameters, which executes ...
Linux Distros Unpatched Vulnerability : CVE-2025-66040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server tha...
EUVD-2025-199997
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the erro...
CVE-2025-63534
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
SUSE CVE-2025-66040
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
DEBIAN-CVE-2025-66040
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
UBUNTU-CVE-2025-66040
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
Cross-site Scripting (XSS)
Overview spotipy is an A light weight Python library for the Spotify Web API Affected versions of this package are vulnerable to Cross-site Scripting XSS via the RequestHandler.doGET function due to the error parameter in the OAuth callback server. An attacker can execute arbitrary JavaScript in...
CVE-2025-66040 Spotipy has a XSS vulnerability in OAuth callback server
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
CVE-2025-66040
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
PT-2025-48208
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
CVE-2025-59113
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Cross Site Scripting
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from a reflective cross site scripting vulnerability. Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: =4.7.18.0.eden Summary: EVE is a smart...
Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
EUVD-2007-6200
Malware in sbrugna...
EUVD-2005-3396
Malware in sbrugna...
EUVD-2021-21300
Malware in sbrugna...
EUVD-2005-0304
Malware in sbrugna...