17 matches found
EUVD-2009-2061
Malware in sbrugna...
EUVD-2022-44587
Malicious code in bioql PyPI...
Amazon Linux 2 : yelp-xsl (ALAS-2025-2861)
The version of yelp-xsl installed on the remote host is prior to 3.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2861 advisory. A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerabili...
CVE-2020-36415
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module...
Cross-Site Scripting
moodle/moodle is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of the return URL in the policy tool, which allows malicious scripts to be executed...
CVE-2024-46209
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...
[SECURITY] [DSA 5729-1] apache2 security update
Debian Security Advisory DSA-5729-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 11, 2024 https://www.debian.org/security/faq -...
CVE-2023-5112
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specialstypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43721
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKINGSLIPSSUMMARYTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43724 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription1name" parameter, potentially leading to unauthorized execution of scripts within a user's web...
Improper file handling in matrix-react-sdk
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...
CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
CVE-2020-12391
The Mozilla Foundation Security Advisory describes this flaw as: Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin...
Update Protection against Mozilla Firefox nsDirIndexParser Overflow
The Mozilla Foundation has reported various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. If exploited, these vulnerabilities may lead to theft of authentication credentials, disclosure of sensitive information, execution of scripts with elevated privileges and execution of...
Design/Logic Flaw
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
CVE-2006-2435
Technical details for CVE-2006-2435 are not publicly disclosed in the provided documents; the records only reiterate an unspecified vulnerability in IBM WebSphere Server with potential script-injection in URLs. Monitor for updates in connected sources.
TRG News 3.0 Script - Remote File Inclusion
source: https://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. Remote attackers could potentially exploit...