19 matches found
EUVD-2012-2665
Malware in sbrugna...
EUVD-2023-54257
Malicious code in bioql PyPI...
CVE-2025-53835
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...
PT-2023-29043 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions 3.7.13 and below Description: The issue allows an attacker to perform more advanced phishing attacks against an organization through HTML and SMTP injections on the registration page. Recommendations: For versions 3.7.13...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: a bypass to flood admin with FAQ proposals; stored XSS in questions; stored HTML injections; weak passwords...
GHSA-33GV-RVGQ-GPXP Withdrawn Advisory: HTML injections in BTCPayServer
Withdrawn Advisory This advisory has been withdrawn because all of the files affected by this vulnerability lie in the BTCPayServer folder, which is not in the NuGet ecosystem. The BTCPayServer folder, corresponding to the BTCPayServer NuGet entry, does not contain any files that were changed to...
Withdrawn Advisory: HTML injections in BTCPayServer
Withdrawn Advisory This advisory has been withdrawn because all of the files affected by this vulnerability lie in the BTCPayServer folder, which is not in the NuGet ecosystem. The BTCPayServer folder, corresponding to the BTCPayServer NuGet entry, does not contain any files that were changed to...
Automattic: Site information's Display Name section vulnerable for XSS attacks and HTML Injections.
Summary: Hi, Greetings. I have found that the site information's Display Name section on try.pressable.com is vulnerable to potential XSS attacks and HTML Injections. Steps To Reproduce: 1. Visit https://try.pressable.com 2. Create a new site. 3. On the Display Name section, put the XSS / HTML...
Acronis: Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/
Summary Hello, it is possible to inject arbitrary HTML constructions on the page /admin/su/. The problem is in the insufficient escaping of special characters like for the Error parameter. If this parameter contains a specially crafted vector, the application will return the page that will...
New Banking malware 'i2Ninja' being sold via underground Russian Cybercrime Market
Researchers at Trusteer spotted a new banking malware program, for sale on underground Russian cybercrime forums, that communicates with attackers over the I2P anonymity network. Dubbed 'i2Ninja', the malware has most of the features found in other...
[SECURITY] [DSA 2671-1] request-tracker4 security update
Debian Security Advisory DSA-2671-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 22, 2013 http://www.debian.org/security/faq -...
Debian DSA-2445-1 : typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework : - CVE-2012-1606 Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these...
DSA-2445-1 typo3-src - several
Bulletin has no description...
Fake Chat Screen Malware Hijacks Banking Customers
A new attack against online banking customers uses a malware platform to trick its victims into verifying bogus transactions. The attack, first described by Trusteer CTO Amit Klein, waits for an unsuspecting business banking customer to log online before telling them that “security checks” need t...
CGI Generic HTML Injections (quick test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML to be executed in a user's browser within the security context of the affected site. The remote web server...
Invision Power Board D22-Shoutbox HTML Injections
HSC Invision Power Board D22-Shoutbox HTML Injections D22-Shoutbox suffers from improper validation of HTML tags filtration. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...
phpnukesearch-xss.txt
PHP-Nuke ALL versions Search Module multiple XSS and HTML injection. The well-known PHP-Nuke CMS is vulnerable to multiple XSS attacks and HTML injections through the Search Module. The request is made using POST, but the whole...
Paypal Subscription Manager Multiple HTML Injections
Paypal Subscription Manager allows webmasters to easily create a subscription web site; visitors can access digital products instantly after paying through Paypal. PSM provides the ability to effortlessly process subscriptions and protect membership areas. PSM uses PHP and MySQL for fast, efficient,...
Archangel Weblog 0.90.02 and prior Multiple HTML injections
HeLiOsZ - Dark End Team - Internet Security Team Archangel Weblog 0.90.02 and prior Multiple HTML injections IRC: darkend.sytes.net darkend , http://darkend.sytes.net & http://www.darkend.org Risk : Medium Type : web applet Creator: http://www.archangelmgt.com/ Exploit: - To exploit this issue yo...