Lucene search

19 matches found

EUVD
added 2026/04/22 9:32 p.m. · 1 view

EUVD-2026-25077

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP...

CVSS 5.2 · AI score 5.9 · EPSS 0.00026
Exploits 0 · References 6
CNNVD
added 2026/04/22 12:00 a.m. · 3 views

Beghelli Sicuro24 SicuroWeb security vulnerability

Beghelli Sicuro24 SicuroWeb is a remote security monitoring and alarm management platform developed by the Italian company Beghelli. There are security vulnerabilities in Beghelli Sicuro24 SicuroWeb. These vulnerabilities stem from the failure to enforce content security policies. The platform...

CVSS 5.2 · AI score 5.9 · EPSS 0.00026
Exploits 0 · References 1
Positive Technologies
added 2026/04/22 12:00 a.m. · 3 views

PT-2026-34541

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP...

CVSS 5.2 · AI score 5.9 · EPSS 0.00026
Exploits 0 · References 8
RedhatCVE
added 2026/01/23 6:19 a.m. · 3 views

CVE-2026-24037

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

CVSS 5.4 · AI score 5.3 · EPSS 0.00018
Exploits 1 · References 1
Tenable Nessus
added 2025/08/27 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-32492

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

CVSS 7.1 · AI score 5.9 · EPSS 0.0065
Exploits 0 · References 2
OSV
added 2025/05/07 5:06 p.m. · 1 view

DRUPAL-CONTRIB-2025-049

The COOKIES module protects users from executing JavaScript code provided by third parties, e.g., to display ads or track user data without consent. The cookies\asset\injector module, a sub-module of the COOKiES module, also allows inline JavaScript to be included in consent management. However, th...

CVSS 6.1 · AI score 6.7 · EPSS 0.00182
Exploits 0 · References 1
NVD
added 2024/04/29 5:15 p.m. · 9 views

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

CVSS 7.1 · AI score 6.6 · EPSS 0.0065
Exploits 0 · References 2
Positive Technologies
added 2024/04/29 12:00 a.m. · 2 views

PT-2024-24614 · Znuny · Znuny

Name of the Vulnerable Software and Affected Versions: Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where the ticket detail view in the customer front allows the execution of external JavaScript. Recommendations: For versions 7.0.1 through 7.0.16, consider disabling th...

CVSS 7.1 · AI score 7 · EPSS 0.0065
Exploits 0 · References 8
CNNVD
added 2024/04/29 12:00 a.m. · 1 view

Znuny security vulnerability

Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny versions 7.0.1 through 7.0.16, which stems from a vulnerability that allows an attacker to execute external JavaScript...

CVSS 7.1 · AI score 7 · EPSS 0.0065
Exploits 0 · References 4
CVE
added 2024/04/29 12:00 a.m. · 78 views

CVE-2024-32492

Znuny 7.0.1–7.0.16 contains a vulnerability in the ticket detail view for the customer front that allows execution of external JavaScript. The issue is supported by multiple sources (NVD/NASL entries and Red Hat/Ubuntu Debian advisories) without a documented vendor patch in the provided materials...

CVSS 7.1 · AI score 6.8 · EPSS 0.0065
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/04/29 12:00 a.m. · 11 views

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

AI score 6.9 · EPSS 0.0065
Exploits 0 · References 2
OSV
added 2024/02/29 5:15 a.m. · 0 views

CVE-2024-1341

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...

CVSS 5.4 · AI score 7.4 · EPSS 0.00291
Exploits 0 · References 2
OSV
added 2021/12/02 5:49 p.m. · 19 views

GHSA-3M3H-V9HV-9J4H Cross-site Scripting in django-wiki

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

CVSS 5.4 · AI score 5.1 · EPSS 0.00195
Exploits 0 · References 7
OSV
added 2021/09/30 8:50 p.m. · 14 views

GHSA-RWH9-8XX8-4WFM Cross-site Scripting in OpenCRX

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files on any user of the OpenCRX instance...

CVSS 6.1 · AI score 6.2 · EPSS 0.00396
Exploits 0 · References 3
Github Security Blog
added 2021/09/30 8:50 p.m. · 46 views

Cross-site Scripting in OpenCRX

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files on any user of the OpenCRX instance...

CVSS 6.1 · AI score 3.3 · EPSS 0.00396
Exploits 0 · References 3 · Affected Software 5
Cvelist
added 2021/09/29 1:50 p.m. · 11 views

CVE-2021-25959 OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files on any user of the OpenCRX instance...

CVSS 6.1 · AI score 6.4 · EPSS 0.00396
Exploits 0 · References 2
CNNVD
added 2021/01/19 12:00 a.m. · 2 views

Mautic cross-site scripting vulnerability

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in versions prior to Mautic 3.2.4, which can be exploited by an attacker to load an external JavaScript file...

CVSS 9 · AI score 7.1 · EPSS 0.00617
Exploits 0 · References 2
OSV
added 2020/09/03 3:15 p.m. · 0 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

CVSS 6.1 · AI score 6.2 · EPSS 0.00328
Exploits 1 · References 1
Hacker One
added 2017/11/18 5:57 p.m. · 28 views

Automattic: [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron

Hi, A carefully crafted injection in the Markdown parser within Simplenote for Windows can be leveraged to achieve remote code execution via an external JavaScript file. The nature of Simplenote's content sharing system, which makes use of tags containing email addresses, means that an adversary...

AI score 8.1
Exploits 0