📄 mrrb.bg Cross Site Scripting

The site at mrrb.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: mrrb.bg-APP - XSS-Reflected Author: nu11secur1ty Date: 01/06/2026 Vendor: mrrb.bg Software: mrrb.bg...

📄 WIX.com Cross Site Scripting

WIX.com appears to suffer from a cross site scripting vulnerability. The researcher contacted them months ago and they have ignored his report, so we are posting this to encourage them to address it and to let their users know that they could be affected by this vulnerability. Titles: WIX.com /...

Cross-site Scripting (XSS)

prosemirrortohtml is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of HTML attribute values, which allows an attacker to inject and execute arbitrary JavaScript code through crafted input...

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

📄 moew.government.bg Cross Site Scripting

moew.government.bg suffers from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the administrators for a year and they have not addressed the issue, putting their users at risk, so...

GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

EUVD-2020-24102

Malware in sbrugna...

EUVD-2006-6959

Malware in sbrugna...

EUVD-2021-26366

Malware in sbrugna...

EUVD-2017-0319

Malware in sbrugna...

EUVD-2021-11197

Malware in sbrugna...

EUVD-2025-32491

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks...

CVE-2025-9710

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks...

CVE-2025-9710 Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks...

EUVD-2022-24394

Malicious code in bioql PyPI...

EUVD-2025-15795

Malicious code in bioql PyPI...

EUVD-2022-34452

Malicious code in bioql PyPI...

EUVD-2024-0365

Malicious code in bioql PyPI...

CVE-2025-9512

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...