417 matches found
Cross-site Scripting (XSS)
Overview Kentico.Xperience.AspNet.Mvc5.Libraries is an assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.AspNetCore.WebApp is an assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the CheckBox.cshtml view rendering. An attacker can execute...
CVE-2025-37732
A flaw was found in Kibana. This vulnerability allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. Mitigation Restrict network access to the Kibana instance to only trusted users and networks. Implement firewall rules to limit...
CVE-2025-65540
Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...
CVE-2025-13742
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
GHSA-2MM6-624X-FQRR pretix has Email Content Injection Through Maliciously Formatted Names
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
EUVD-2025-199816
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
PYSEC-2025-154
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
PT-2025-48262
Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description The software allows the use of placeholders in email templates that are populated with customer data, such as the attendee's name. If a customer's name contains HTML or Markdown formatting, th...
Cross-Site Scripting (XSS)
nicegui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the framework not sanitizing HTML or JavaScript when rendering unescaped user input through ui.html, which allows an attacker to execute arbitrary JavaScript in a user’s browser...
CVE-2025-53354
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting XSS when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...
EUVD-2020-7229
Malware in sbrugna...
EUVD-2020-0528
Malware in sbrugna...
EUVD-2022-6468
Malicious code in bioql PyPI...
EUVD-2022-6383
Malicious code in bioql PyPI...
EUVD-2025-5079
Malicious code in bioql PyPI...
EUVD-2022-4330
Malicious code in bioql PyPI...
EUVD-2022-1096
Malicious code in bioql PyPI...
EUVD-2023-1481
Malicious code in bioql PyPI...
EUVD-2023-52362
Malicious code in bioql PyPI...