178 matches found
EUVD-2007-6200
Malware in sbrugna...
EUVD-2021-21300
Malware in sbrugna...
EUVD-2006-5638
Malware in sbrugna...
EUVD-2021-12024
Malware in sbrugna...
EUVD-2006-4881
Malware in sbrugna...
EUVD-2025-23134
Malicious code in bioql PyPI...
EUVD-2021-29534
Malicious code in bioql PyPI...
Langley Online Banking System 代码注入漏洞
Langley Online Banking System is an online banking system from Langley Corporation. A code injection vulnerability exists in the Langley Online Banking System, which originates from a misuse of the parameter Error in file /connectionerror.php and could lead to a cross-site scripting attack...
CVE-2025-11125 langleyfcu Online Banking System Error Message connection_error.php cross site scripting
A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connectionerror.php of the component Error Message Handler. Performing manipulation of the argument Error results i...
PT-2025-36327
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the account console and other pages accept arbitrary text in the error description query parameter. This text is directly rendered in error pages without...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
Barracuda Message Archiver 安全漏洞
Barracuda Message Archiver is an email archiving platform from Barracuda USA. A security vulnerability exists in Barracuda Message Archiver that stems from the error parameter allowing direct writing to JavaScript or HTML, which could lead to a cross-site scripting attack...
CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...
WeGIA Cross-Site Scripting Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter err in the file personalizacao.php, for which no detailed vulnerability details are availab...
CVE-2025-6588 FunnelCockpit <= 1.4.3 - Reflected Cross-Site Scripting via `error` Parameter
The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error’ parameter in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-54078
WeGIA is an open source web manager. A Reflected Cross‑Site Scripting (XSS) vulnerability exists in the personalizacao_imagem.php endpoint, caused by insufficient input filtering/escaping of the err parameter. Affected versions are prior to 3.4.6; version 3.4.6 contains the fix. Impact is XSS exp...
CVE-2025-53820
WeGIA is an open-source web manager for welfare organizations. A reflected Cross‑Site Scripting (XSS) vulnerability exists in the index.php endpoint before version 3.4.5, exploitable via the erro parameter due to insufficient input escaping/validation. Impact is described as user-injected script ...
CVE-2023-44915
A cross-site scripting XSS vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the loginerror parameter...
CVE-2024-44794
A cross-site scripting XSS vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...
CVE-2023-46019
Cross Site Scripting XSS vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter...