23 matches found
EUVD-2017-7865
Malware in sbrugna...
EUVD-2017-7869
Malware in sbrugna...
EUVD-2022-29709
Malicious code in bioql PyPI...
PT-2025-20804 · Sap Se · Sap Data Services Management Console
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns insufficient encoding of user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on a compromised...
CVE-2024-45280 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability...
CVE-2024-23890
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could all...
CVE-2024-23865 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this...
YouPHPTube <= 7.8 - Multiple Vulnerabilities
Exploit Title: YouPHPTube getLanguage(); if (!empty($_GET['lang'])) { $_GET['lang'] = strip_tags($_GET['lang']); $_SESSION['language'] = $_GET['lang']; } @include_once "{$global['systemRootPath']}locale/{$_SESSION['language']}.php"; The parameter "lang" can be modified and load a ph...
CVE-2023-0021
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed...
Cross site scripting
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed...
PT-2023-20650 · Sap · Sap Content Server
Name of the Vulnerable Software and Affected Versions: SAP Content Server version 7.53 Description: The issue results from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some...
PT-2022-22696 · Sap · Sap Enable Now
Name of the Vulnerable Software and Affected Versions: SAP Enable Now (affected versions not specified) Description: The issue arises from insufficient encoding of user-controlled inputs over the network, which are then placed in the output served to other users. This leads to a Stored Cross-Site...
CVE-2022-35224
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...
CVE-2022-22534
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the...
CentOS 6 : spice-gtk (RHSA-2020:0471)
The remote CentOS Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0471 advisory. - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the...
spice-gtk security and bug fix update
libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix bad channel-reset on usbredir Resolves: rhbz1625550 0.35-3 - Fix insufficient encoding checks for LZ Resolves: rhbz1598652 spice-vdagent...
Denial Of Service (DoS)
spice-client is vulnerable to denial of service (DoS). The vulnerability exists because insufficient encoding checks for LZ can cause different integer/buffer overflows...
CVE-2018-6076
CVE-2018-6076 affects Google Chrome (Blink) where URL fragment identifiers were not encoded correctly, enabling a remote attacker to trigger a DOM-based XSS via a crafted HTML page. Concrete details in connected records place the vulnerable component in Blink/Chrome prior to version 65.0.3325.146...
Cross site scripting
Cross-Site Scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user-controlled inputs...