XWiki Platform - Cross-Site Scripting

XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...

CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

PT-2026-30983

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVE-2026-28485

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

EUVD-2026-9930

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

PT-2026-5662

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled...

MiracleLinux 3 : firefox-3.6.4-8.0.1.AXS3 (AXSA:2010-370:04)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-370:04 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

EUVD-2025-203875

Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...

phppgadmin contains an incorrect access control vulnerability

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

PT-2025-45159

Name of the Vulnerable Software and Affected Versions SelfBest platform version 2023.3 Description A DOM-based Cross-Site Scripting XSS issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...

EUVD-2021-1354

Malware in sbrugna...

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

CVE-2025-56432

CVE-2025-56432 affects Nagios XI 2024R2. A cross-site scripting (XSS) vulnerability exists in a web component that renders performance-related data, allowing remote attackers to run arbitrary JavaScript in the context of a logged-in user via a specially crafted URL. The PT-2025-34786 entry confir...

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

CVE-2008-5915

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing...

PT-2025-3159

Name of the Vulnerable Software and Affected Versions Xerox Workplace Suite affected versions not specified Description The issue concerns the storage of tokens in session storage, which may expose them to potential access if a user's session is compromised. A patch for this issue will be include...

RHEL 4 : seamonkey (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mozilla: in-session phishing attack CVE-2008-5913 Note that Nessus has not tested for this issue but has instead...

PT-2024-40172 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.16.x up to 1.16.2 Description: The issue arises from the storage of credentials obtained for authentication in the state array, which can be persisted to the user's session and stored in permanent storage. This occurs...