31 matches found

ATTACKERKB
added 2026/04/26 1:19 p.m. · 2 views

CVE-2018-25292

Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an...

CVSS 6.9 · AI score 5.7 · EPSS 0.00137
Exploits 0 · References 4 · Affected Software 1
NVD
added 2026/04/22 4:16 p.m. · 5 views

CVE-2018-25260

MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB...

CVSS 8.6 · EPSS 0.00214
Exploits 1 · References 4
CVE
added 2026/04/06 12:0 a.m. · 8 views

CVE-2026-31313

CVE-2026-31313 describes an authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1, specifically in the creation/editing module where payloads injected into the Content field can execute arbitrary scripts/HTML. The issue is tied to the Content field input handling durin...

CVSS 5.4 · AI score 6 · EPSS 0.00139
Exploits 1 · References 2 · Affected Software 1
OSV
added 2026/02/11 9:16 p.m. · 2 views

CVE-2020-37207

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash...

CVSS 7.5 · AI score 6 · EPSS 0.00438
Exploits 1 · References 3
RedhatCVE
added 2026/02/04 3:15 a.m. · 5 views

CVE-2025-65923

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

CVSS 5.4 · AI score 5.6 · EPSS 0.00162
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-32136

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.00373
Exploits 2 · References 5
Cvelist
added 2025/10/02 12:0 a.m. · 4 views

CVE-2025-56379

A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

EPSS 0.00373
Exploits 2 · References 4
Positive Technologies
added 2025/10/02 12:0 a.m. · 3 views

PT-2025-40352

Name of the Vulnerable Software and Affected Versions: ERPNEXT version 15.67.0 Description: A stored cross-site scripting (XSS) issue exists in the blog post feature. An attacker can inject a crafted payload into the content field, potentially leading to the execution of arbitrary web scripts or HTML...

CVSS 5.4 · AI score 5.6 · EPSS 0.00373
Exploits 2 · References 7
CNNVD
added 2025/08/01 12:0 a.m. · 2 views

Language Sloth Web Application security vulnerability

Language Sloth Web Application is a web page application from Language Sloth, Inc. A security vulnerability exists in Language Sloth Web Application version 1.0, which originates from stored cross-site scripting and allows an attacker to execute arbitrary web script or HTML by injecting a special...

CVSS 6.1 · AI score 5.8 · EPSS 0.00293
Exploits 1 · References 3
Positive Technologies
added 2024/11/12 12:0 a.m. · 4 views

PT-2024-34522 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 build 15514 Description: The issue allows a low-privileged attacker to modify their profile name and inject a malicious payload into the Name field. When an administrator later accesses the People Management page,...

CVSS 8 · AI score 7.5 · EPSS 0.00429
Exploits 0 · References 5
CNNVD
added 2024/02/05 12:0 a.m. · 3 views

Stimulsoft GmbH Stimulsoft Dashboard.JS security vulnerability

Stimulsoft GmbH Stimulsoft Dashboard.JS is a powerful dashboard development tool from Stimulsoft. A security vulnerability exists in Stimulsoft GmbH Stimulsoft Dashboard.JS versions prior to v.2024.1.2. A remote attacker can exploit this vulnerability to execute arbitrary code via a specially...

CVSS 5.4 · AI score 7.7 · EPSS 0.00967
Exploits 1 · References 4
ATTACKERKB
added 2023/09/27 3:19 p.m. · 2 views

CVE-2023-43331

A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVSS 5.4 · AI score 6 · EPSS 0.00461
Exploits 1 · References 2
OSV
added 2023/07/10 6:15 p.m. · 3 views

CVE-2023-36940

Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field...

CVSS 4.8 · AI score 6.1 · EPSS 0.00508
Exploits 1 · References 2
ATTACKERKB
added 2023/07/10 6:15 p.m. · 2 views

CVE-2023-36940

Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field...

CVSS 4.8 · AI score 6.2 · EPSS 0.00508
Exploits 1 · References 4
ATTACKERKB
added 2023/05/24 8:15 p.m. · 2 views

CVE-2023-33793

A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVSS 5.4 · AI score 6.2 · EPSS 0.00394
Exploits 1 · References 2
ATTACKERKB
added 2023/05/24 8:15 p.m. · 1 views

CVE-2023-33789

A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVSS 5.4 · AI score 6.2 · EPSS 0.00394
Exploits 1 · References 2
ATTACKERKB
added 2023/05/24 8:15 p.m. · 2 views

CVE-2023-33785

A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVSS 5.4 · AI score 6.2 · EPSS 0.00394
Exploits 1 · References 2
Vulnrichment
added 2022/12/09 12:0 a.m. · 6 views

CVE-2022-34297

Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field...

AI score 6 · EPSS 0.00607
Exploits 1 · References 1
OSV
added 2022/12/02 8:15 p.m. · 1 views

CVE-2022-44946

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
OSV
added 2022/12/02 8:15 p.m. · 1 views

CVE-2022-44955

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2