5 matches found
CVE-2026-25940
A flaw was found in jsPDF. The properties and methods of the Acroform module accept user input without sanitization, allowing an attacker to inject arbitrary PDF objects, such as JavaScript actions. Specifically, if an attacker can supply a specially crafted input to the...
EUVD-2025-24819
Malicious code in bioql PyPI...
Jeecg-Boot Cross-Site Scripting Vulnerability
Jeecg-Boot is a low-code platform based on the code generator from the JeecgBoot community. Jeecg-Boot 3.0 has a security vulnerability that stems from cross-site scripting in /jeecg-boot/jmreport/view, involving a mouse hover event. No details of the vulnerability are currently available...
CVE-2020-28409
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur...
CVE-2020-28409
The CVE-2020-28409 entry describes a reflected/in-page XSS in Dundas BI up to version 8.0.0.1001, triggered by adding a UI Component (for example, a button) and subsequent events such as click or hover. The vulnerability affects Dundas BI’s server-side handling when these events occur, enabling s...