27 matches found
CVE-2025-10503
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
CVE-2024-10242 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection
The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...
EUVD-2023-32633
Malicious code in bioql PyPI...
EUVD-2023-32627
Malicious code in bioql PyPI...
EUVD-2023-32630
Malicious code in bioql PyPI...
EUVD-2023-32631
Malicious code in bioql PyPI...
Tesla Model S security vulnerability
Tesla Model S is an automobile from the American company Tesla. A security vulnerability exists in Tesla Model S. The vulnerability stems from a process allowing modification of the interface, which could lead to a network sandbox bypass...
CVE-2025-31476
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...
tarteaucitron.js allows url scheme injection via unfiltered inputs
A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...
GHSA-P5G4-V748-6FH8 tarteaucitron.js allows url scheme injection via unfiltered inputs
A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...
CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...
CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...
CVE-2025-31476
Summary: CVE-2025-31476 affects tarteaucitron.js. A vulnerability caused by insufficient URL validation allowed a user with high privileges to insert URLs with insecure schemes (e.g., javascript:alert()) that could lead to arbitrary JavaScript execution when a link is clicked. The issue enables e...
Authentication flaw
Affected devices do not properly validate the authentication when performing certain modifications in the web interface, allowing an authenticated attacker to influence the user interface configured by an administrator...
PT-2023-6994 · Siemens · Scalance M812-1 +15
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RM1224 LTE4G EU versions V7.2.2; RUGGEDCOM RM1224 LTE4G NAM versions V7.2.2; SCALANCE M804PB versions V7.2.2; SCALANCE M812-1 ADSL-Router versions V7.2.2; SCALANCE M816-1 ADSL-Router versions V7.2.2; SCALANCE M826-2 SHDSL-Router versions...
CVE-2023-29022
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
Cross site scripting
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
CVE-2023-29022 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
CVE-2023-29028 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
CVE-2023-29027 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...