CVE-2021-25987

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code...

CVE-2018-16514

A cross-site scripting XSS vulnerability in the View Filters page viewfilterspage.php and Edit Filter page managefiltereditpage.php in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted PATHINFO. NOTE: this vulnerability exis...

CVE-2018-17782

A cross-site scripting XSS vulnerability in the Manage Filters page managefilterpage.php in MantisBT 2.1.0 through 2.17.1 allows remote attackers if access rights permit it to inject arbitrary code if CSP settings permit it through a crafted project name...

CVE-2018-17904

Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code...

Bundler: Insecure installation

Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Bundler, allows the installation of gems from different sources with the same names, when multiple top-level gem sources are used. Impact Remo...

CVE-2003-1227

PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERYBASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue...