9 matches found
CVE-2025-64048
YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...
EUVD-2025-198986
YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...
CVE-2025-64048
YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...
CVE-2025-64048
YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...
CVE-2025-64048
YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...
CVE-2025-64048
Affected software/component: YCCMS 3.4, specifically the article management functionality in ArticleAction.class.php. Vulnerability: Stored cross-site scripting (XSS) in the article title input. The root cause is improper neutralization/validation of user-supplied data in the add() and getPost() ...
MAL-2023-3626 Malicious code in getpost (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx c0105e4faacdd7dff8920d32d323cc4081ca3a18cf9797ec7d363a6c6bff0f47 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Cross-site Scripting (XSS)
dolibarr/dolibarr is vulnerable to cross-site scripting XSS. The GETPOST functions in htdocs/product/stats/card.php for example for id parameter are not properly validated, allowing an attacker to inject an arbitrary script which will send a specifically crafted link to the user to steal users'...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Spyce - Python Server Pages PSP 2.1.3 allow remote attackers to inject arbitrary web script or HTML via 1 the url or type parameter to docs/examples/redirect.spy; 2 the x parameter to docs/examples/handlervalidate.spy; 3 the name parameter to...