CVE-2026-30919

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

CVE-2026-30918

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious...

CVE-2026-30919

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

facileManager 跨站脚本漏洞

facileManager is a modular web application developed by the facileManager company. Versions of facileManager prior to 6.0.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the logsearchquery parameter in the fmDNS module, which could lead to...

facileManager 跨站脚本漏洞

facileManager is a modular web application developed by the facileManager company. Versions of facileManager prior to 6.0.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of data in the fmDNS module, which could lead to storage-based cross-site...

CVE-2026-30919

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

CVE-2026-30919

CVE-2026-30919 affects facileManager, specifically the fmDNS module. Before version 6.0.4, a stored XSS vulnerability exists where data from untrusted sources is reflected in HTTP responses in an unsafe manner. The CVSS v3.1 base score is 7.6 (High), with Network attack vector, Low attack complex...

CVE-2026-30918

facileManager (fmDNS module) before version 6.0.4 is affected by a reflected XSS. The vulnerability occurs when data from an untrusted source is injected via the log_search_query parameter and reflected in HTTP responses, potentially allowing malicious JavaScript execution. The issue is fixed in ...

CVE-2026-30918 facileManager Affected by Reflected Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious...

EUVD-2026-10428

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious...

EUVD-2026-10429

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious...

CVE-2026-30918 facileManager Affected by Reflected Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious...

EUVD-2024-21978

Malicious code in bioql PyPI...

EUVD-2024-21977

Malicious code in bioql PyPI...

CVE-2024-24571

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation...

CVE-2024-24572

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

CVE-2024-24573

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...