11 matches found
EUVD-2025-24193
Malicious code in bioql PyPI...
CVE-2025-10246
The CVE-2025-10246 entry concerns lokibhardwaj PHP-Code-For-Unlimited-File-Upload. Affected component: the file /f.php, where manipulation of the parameter h enables cross-site scripting. Impact: remote exploitation is possible; exploits have been publicly disclosed. The issue references versions...
CVE-2025-10246 lokibhardwaj PHP-Code-For-Unlimited-File-Upload f.php cross site scripting
A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross site scripting. Remote exploitation of the attack is possible. The...
CVE-2025-8568
The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-8568 GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter
The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-8568 GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter
The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
PT-2024-34350 · Axigen · Axigen Mail Server
Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.29. Description: The issue concerns persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter. This could allow attackers to execute arbitrary JavaScript, potentially...
CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2019-17115
Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
CVE-2006-3036
Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php...