CVE-2024-58291 Flatboard 3.2 Authenticated Stored Cross-Site Scripting via Forum Information Field

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and...

CVE-2024-58291

Flatboard 3.2 is affected by an authenticated stored XSS via the forum information field. The vulnerability allows an authenticated administrator to inject malicious scripts that execute when other users view the forum, potentially stealing session cookies and running client-side scripts. A publi...

Flatboard 跨站脚本漏洞

Flatboard is an open source file forum system by Flatboard. A cross-site scripting vulnerability exists in Flatboard version 3.2, which stems from the presence of stored cross-site scripting in the forum information field that could lead to the execution of client-side scripts...

EUVD-2002-0278

Malware in sbrugna...

EUVD-2021-25043

Malware in sbrugna...

EUVD-2023-34527

Malicious code in bioql PyPI...

EUVD-2025-25310

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-38603

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. CVE-2021-38603 Note that Nessus relies on the presence of the package as reporte...

CVE-2025-51990

XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An authenticated administrator can inject arbitrary JavaScript payloads into the HTTP...

Linux Distros Unpatched Vulnerability : CVE-2020-10755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before...

CVE-2021-38603

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...

CVE-2020-9264

ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro macOS, Cyber Security macOS, Mobile Security for...

Cross site scripting

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field...

TotalJS messenger 跨站脚本漏洞

TotalJS messenger is a Node.js open source Slack alternative to the Total.js Platform open source. A cross-site scripting vulnerability exists in TotalJS Messenger version b6cf1c9, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload injected into a...

SUSE CVE-2010-3089

Multiple cross-site scripting XSS vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 the list information field or 2 the list description field...

CVE-2021-38603

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...

CVE-2021-38603

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...

Cross site scripting

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...

CVE-2021-38603

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...

CVE-2021-38603

CVE-2021-38603 affects PluXML 5.8.7. The stored XSS vulnerability is in core/admin/profil.php via the Information field (parameter ID: id_content per public exploit). Underlying issue: stored cross-site scripting that could allow an attacker to inject arbitrary script when data is stored in Infor...