
119 matches found

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-29136

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00352
Exploits: 1 | References: 3
RedhatCVE
added 2025/07/18 1:58 p.m. | 2 views

CVE-2025-53923

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...

CVSS 8.2 | AI score 6 | EPSS 0.00196
Exploits: 1 | References: 1
Fedora
added 2025/06/11 2:46 a.m. | 3 views

[SECURITY] Fedora 42 Update: qt6-qtwebchannel-6.9.1-1.fc42

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...

CVSS 8.4 | AI score 7.4 | EPSS 0.00385
Exploits: 0
RedhatCVE
added 2025/05/22 9:6 p.m. | 3 views

CVE-2021-42044

An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...

CVSS 4.8 | AI score 7.2 | EPSS 0.00375
Exploits: 1
RedhatCVE
added 2025/05/22 10:18 a.m. | 6 views

CVE-2019-6990

A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI...

CVSS 5.4 | AI score 6 | EPSS 0.00191
Exploits: 1 | References: 1
OSV
added 2025/03/13 3:15 p.m. | 1 views

CVE-2025-25625

A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on t...

CVSS 5.4 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/22 12:0 a.m. | 13 views

CVE-2024-49211

Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web...

CVSS 5.2 | AI score 6.4 | EPSS 0.00336
Exploits: 0 | References: 2
CNNVD
added 2024/10/03 12:0 a.m. | 2 views

Sulu Cross-Site Scripting Vulnerability

Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A cross-site scripting vulnerability exists in Sulu. An attacker can exploit this vulnerability to inject arbitrary HTML/JavaScript code...

CVSS 6.1 | AI score 6.2 | EPSS 0.00746
Exploits: 0 | References: 4
Cvelist
added 2024/05/09 9:36 a.m. | 7 views

CVE-2024-4424 Stored XSS in CemiPark

The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code...

AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 3
Vulnrichment
added 2024/05/09 9:36 a.m. | 10 views

CVE-2024-4424 Stored XSS in CemiPark

The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code...

AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 3
Veracode
added 2024/01/24 11:25 a.m. | 20 views

Cross Site Scripting (XSS)

labelstudio is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to not sanitizing/validating the HTML/JavaScript file that was downloaded from the import data feature from a remote web resource. An attacker can exploit this to download a HTML file that executes malicious JavaScrip...

CVSS 6.1 | AI score 6.5 | EPSS 0.00145
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2024/01/08 7:15 p.m. | 10 views

Design/Logic Flaw

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site...

CVSS 5.8 | AI score 7 | EPSS 0.01157
Exploits: 2 | References: 2 | Affected Software: 1
CNNVD
added 2024/01/08 12:0 a.m. | 1 views

WordPress Plugin WP Go Maps Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 | AI score 6.7 | EPSS 0.01157
Exploits: 2 | References: 3
NVD
added 2023/10/05 2:15 p.m. | 9 views

CVE-2023-44390

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...

CVSS 6.1 | AI score 6 | EPSS 0.00161
Exploits: 0 | References: 2
NVD
added 2023/10/04 12:15 p.m. | 9 views

CVE-2023-4090

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response...

CVSS 6.1 | AI score 5.5 | EPSS 0.0009
Exploits: 0 | References: 1
Vulnrichment
added 2023/10/04 11:2 a.m. | 10 views

CVE-2023-4090 Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response...

CVSS 5.4 | AI score 6.4 | EPSS 0.0009
Exploits: 0 | References: 1
Prion
added 2023/07/15 7:15 p.m. | 10 views

Hardcoded credentials

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

CVSS 4.9 | AI score 4.8 | EPSS 0.00114
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2023/06/22 12:15 p.m. | 16 views

Cross site scripting

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they matched the expected format. Therefore, when HTML/JavaScript code is...

CVSS 4.9 | AI score 5.6 | EPSS 0.00115
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2023/05/30 12:0 a.m. | 2 views

PT-2023-19322 · Broadcom · Symantec Siteminder Webagent

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A user can supply malicious HTML and JavaScript code that will be executed in the client browser. Recommendations: At the moment, there is no information about a newer version that...

CVSS 6.1 | AI score 6.9 | EPSS 0.08071
Exploits: 3 | References: 7
CNNVD
added 2023/04/05 12:0 a.m. | 1 views

Veritas NetBackUp OpsCenter Cross-Site Scripting Vulnerability

Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in Veritas NetBackUp OpsCenter version 9.1.0.1, which stems from not adequately cleaning up special characters. An attacker could...

CVSS 6.1 | AI score 6.7 | EPSS 0.00424
Exploits: 0 | References: 3