40 matches found
MAL-2026-4575 Malicious code in happy-dlscord.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d183bf51c0f2be0102a7a7aeeda661f895e3b075f183d76d5f0f77c09c70860 The package name 'happy-dlscord.js' is a one-character edit of the top-tier npm package 'discord.js' and ships a near-verbatim fork of the upstream...
CVE-2025-13902
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...
EUVD-2025-208500
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...
CVE-2025-13902
CVE-2025-13902 describes a Cross-site Scripting (CWE-79) vulnerability that can allow an authenticated attacker to cause a victim’s browser to execute arbitrary JavaScript when the victim visits a page containing a crafted element with the injected payload. The CVSS score is 5.1 (Medium) with NET...
CVE-2025-13902
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...
CVE-2024-41453
A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...
CVE-2022-27348
Social Codia SMS v1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...
Malicious code in geomorphology-materialize-perturbation-accretion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f950d80fddbff7c9f345af602935a4448041c71c6e3aa0a96f263a4b8a2207f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-22731
Malicious code in bioql PyPI...
EUVD-2023-37903
Malicious code in bioql PyPI...
EUVD-2022-43352
Malicious code in bioql PyPI...
EUVD-2023-52909
Malicious code in bioql PyPI...
EUVD-2022-6650
Malicious code in bioql PyPI...
EUVD-2025-3068
Malicious code in bioql PyPI...
CVE-2023-33829
A stored cross-site scripting XSS vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
CVE-2022-44959
webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
PT-2025-19900 · Wiesemann&Theis · Erp-Gateway 12X Digital Input +19
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote attacker with low privileges can execute arbitrary web scripts or HTML through a crafted payload injected into several fields of the configuration webpage, resulting in limited...
CVE-2024-46605
A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-42831
A reflected cross-site scripting XSS vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapperdialog.php...
CVE-2024-36773
CVE-2024-36773 is a cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 . The weakness allows an attacker to inject and execute arbitrary web scripts or HTML via a crafted payload in the Themes parameter at index.php . The NVD/CVE record notes a medium severity (CVSS v3.1: 4.8) with ne...