CVE-2025-42620

The CVE-2025-42620 issue affects Vulnerability-Lookup prior to 2.18.0. The root cause is unsafe handling of user-controlled content in comments and bundles: the backend’s related_vulnerabilities field accepts unvalidated strings, while the frontend converts Markdown to HTML and injects it into th...

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

EUVD-2025-38263

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

CVE-2025-63785

CVE-2025-63785 affects the Onlook web application (version 0.2.32) in its text editor feature. The root cause is unsafe handling of user input: input is not sanitized before being injected into the DOM via innerHTML when editing a text element, enabling a DOM-based XSS attack. Exploitation would ...

PT-2025-45527

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.6.34 and below Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A stored DOM XSS issue exists in the functionality that inserts custom prompts into the chat...

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

GHSA-G955-VW6W-V6PP Citizen vulnerable to stored XSS in sticky header button messages

Summary The JS implementation for copying button labels to the sticky header in the Citizen skin unescapes HTML characters, allowing for stored XSS through system messages. Details In the copyButtonAttributes function in stickyHeader.js, when copying the button labels, the innerHTML of the new...

CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...

EUVD-2012-2570

Malware in sbrugna...

EUVD-2020-0615

Malware in sbrugna...

EUVD-2010-1256

Malware in sbrugna...

EUVD-2024-26188

Malicious code in bioql PyPI...

EUVD-2025-28574

Malicious code in bioql PyPI...

EUVD-2025-29217

Malicious code in bioql PyPI...

EUVD-2025-27502

Malicious code in bioql PyPI...

EUVD-2024-54618

Malicious code in bioql PyPI...

EUVD-2025-15174

Malicious code in bioql PyPI...

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

PT-2025-39430

Name of the Vulnerable Software and Affected Versions vulnerability-lookup version 2.16.0 Description A cross-site scripting XSS issue exists in the handling of user-supplied input within the Bundles, Comments, and Sightings components of the software. Untrusted data was not properly sanitized...