14 matches found
EUVD-2024-32592
Malicious code in bioql PyPI...
EUVD-2025-1990
Malicious code in bioql PyPI...
CVE-2024-4026
Cross-Site Scripting XSS vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover...
CVE-2025-1076
A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...
CVE-2025-1076
A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...
CVE-2025-1076
CVE-2025-1076 describes a Stored XSS vulnerability in Holded’s application, affecting the editable name and icon fields within the Activities feature. The root cause is storing a JavaScript payload in those parameters, enabling an attacker to inject script via standard input fields. The issue is ...
CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded
A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...
CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded
A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...
CVE-2024-4026
Cross-Site Scripting XSS vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover...
CVE-2024-4026 Cross-Site Scripting in the Holded application
Cross-Site Scripting XSS vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover...
CVE-2024-4026 Cross-Site Scripting in the Holded application
Cross-Site Scripting XSS vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover...
CVE-2024-4026
CVE-2024-4026 is an XSS vulnerability in Holded. The cited sources indicate that an attacker could store a JavaScript payload in all editable parameters within the General and Team ID functions, enabling session takeover. The issue affects Holded versions prior to 4.20.0 (per CNNVD). Root cause d...
Holded 跨站脚本漏洞
Holded is a business management software from Holded. A cross-site scripting vulnerability exists in Holded versions prior to 4.20.0 that stems from allowing an attacker to store a JavaScript payload in all editable parameters in the Genera, Team ID functions, which could lead to a session takeov...
WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin <= 1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin versions = 1.4. Solution Update the WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin to the latest available versi...