205 matches found
EUVD-2022-44021
Malicious code in bioql PyPI...
EUVD-2022-33145
Malicious code in bioql PyPI...
EUVD-2024-41547
Malicious code in bioql PyPI...
CVE-2025-50869
A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code...
CVE-2025-50869
CVE-2025-50869 is a stored XSS vulnerability in Institute-of-Current-Students 1.0, located in the qureydetails.php page. The input fields for Query and Answer are not properly sanitized, allowing authenticated users to inject arbitrary JavaScript code. Public documentation in connected sources co...
PT-2025-31193 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0. Description: Reflected Cross-Site Scripting (XSS) exists in Human Resource Management System version 1.0. This issue could allow an attacker to execute JavaScript code in the victim's browser by...
PT-2025-28470 · Ibm · Ibm Sterling File Gateway +1
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.6; IBM Sterling B2B Integrator versions 6.2.0.0 through 6.2.0.4; IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6; IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.4...
PT-2025-26168 · Ibm · Ibm Sterling File Gateway +1
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6; IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.4. Description: The issue allows an authenticated user to embed...
TencentOS Server 3: nodejs:18 (TSSA-2023:0256)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0256 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
PT-2025-24501 · Unknown · Cloudclassroom-Php Project
Name of the Vulnerable Software and Affected Versions: CloudClassroom PHP Project, affected versions not specified. Description: A Cross-Site Scripting (XSS) issue exists in the CloudClassroom PHP Project, specifically in the askquery.php file, via the eid parameter. This allows remote attackers to...
CVE-2024-40114
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code...
CVE-2025-48875 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted...
CVE-2025-48875
CVE-2025-48875 affects FreeScout prior to version 1.8.181, where incorrect validation of last_name and first_name during profile data updates enables injection of arbitrary JavaScript. The attacker could trigger XSS when the affected data is deleted (described as a flesh-message in some sources)....
CVE-2024-47117
IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2024-32733
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify...
CVE-2024-28797
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2024-28796
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2024-24812
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user click...
CVE-2023-22868
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117...
CVE-2023-33255
An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...