395 matches found

Tenable Nessus
added 2025/12/19 12:0 a.m. | 1 views

Konica Bizhub Multifunction Printers Cross-site Scripting (CVE-2025-5884)

Cross-site scripting vulnerability (CWE-94, CWE-79) was found in the specific input fields of the Web Connection. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) script_id(504858); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/20");...

5.4 CVSS | 4.8 AI score | 0.00136 EPSS
Exploits 0 | References 3

NVD
added 2025/12/18 8:15 p.m. | 1 views

CVE-2022-50681

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1 CVSS | 0.0003 EPSS
Exploits 0 | References 2

Positive Technologies
added 2025/12/18 12:0 a.m. | 2 views

PT-2025-52303

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...

6.1 CVSS | 6 AI score | 0.0003 EPSS
Exploits 0 | References 5

Positive Technologies
added 2025/12/11 12:0 a.m. | 2 views

PT-2025-50747

Name of the Vulnerable Software and Affected Versions: Akaunting version 3.1.8. Description: Akaunting version 3.1.8 is affected by a server-side template injection issue. Authenticated administrators can inject template expressions into several form input fields, including those for items, taxes,...

8.6 CVSS | 6.8 AI score | 0.00055 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/12/06 5:54 p.m. | 10 views

CVE-2025-34265

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

5.4 CVSS | 5.5 AI score | 0.00024 EPSS
Exploits 0 | References 1

OSV
added 2025/12/03 6:48 p.m. | 4 views

DRUPAL-CONTRIB-2025-121

This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by t...

5.4 CVSS | 5.9 AI score | 0.00054 EPSS
Exploits 0 | References 1

NVD
added 2025/12/01 4:15 p.m. | 2 views

CVE-2025-63533

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

8.5 CVSS | 0.00025 EPSS
Exploits 0 | References 3

OSV
added 2025/12/01 3:15 p.m. | 2 views

CVE-2025-63527

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

5.4 CVSS | 5.7 AI score | 0.00027 EPSS
Exploits 1 | References 3

Snyk
added 2025/11/06 11:48 p.m. | 2 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization of user-supplied input in several fields, including repository descriptions, project names, git commit author names, commit messages, access token names, and webhook URLs. An attacker can inject malicious ANSI...

5.1 CVSS | 6.6 AI score | 0.00034 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/10/27 9:19 p.m. | 4 views

CVE-2025-62779 Frappe Learning users were able to add HTML through input fields in the Job Form

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...

5.1 CVSS | 6.3 AI score | 0.00025 EPSS
Exploits 0 | References 2

NVD
added 2025/10/16 7:15 p.m. | 2 views

CVE-2025-62414

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...

6.9 CVSS | 0.00036 EPSS
Exploits 1 | References 1

OSV
added 2025/10/09 5:16 p.m. | 2 views

CVE-2025-59986

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the...

5.1 CVSS | 5.9 AI score | 0.00035 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/10/09 4:9 p.m. | 2 views

CVE-2025-59986 Junos Space: Input fields in Model Devices are vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the...

6.1 CVSS | 6.6 AI score | 0.00035 EPSS
Exploits 0 | References 1

CVE
added 2025/10/09 4:9 p.m. | 15 views

CVE-2025-59986

CVE-2025-59986 affects Juniper Networks Junos Space versions prior to 24.1R4. It is an input handling (XSS) vulnerability in Model Devices that lets an attacker inject script tags, which can be executed in the context of other users, including administrators. The issue arises from improper input ...

6.1 CVSS | 6.6 AI score | 0.00035 EPSS
Exploits 0 | References 1 | Affected Software 1

Snyk
added 2025/10/08 3:32 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or the name of flagged content. An attacker can execute arbitrary web...

5.4 CVSS | 5.5 AI score | 0.00031 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-23987

Malware in sbrugna...

5.4 CVSS | 5.6 AI score | 0.00206 EPSS
Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-18543

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.00181 EPSS
Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-14927

Malware in sbrugna...

7.2 CVSS | 7 AI score | 0.0106 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-4856

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.00281 EPSS
Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2005-3546

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.01467 EPSS
Exploits 0 | References 14