Cross-User Data Leakage

jsPDF is vulnerable to Cross-User Data Leakage. The vulnerability is due to use of a shared module-scoped variable in the addJS method, where JavaScript content is stored globally in the Node.js build, allowing concurrent PDF generation requests to overwrite each other’s data and cause one user’s...

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-61999

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perfo...

EUVD-2023-42164

Malicious code in bioql PyPI...

EUVD-2023-52497

Malicious code in bioql PyPI...

EUVD-2023-52669

Malicious code in bioql PyPI...

EUVD-2023-52502

Malicious code in bioql PyPI...

EUVD-2024-23409

Malicious code in bioql PyPI...

EUVD-2023-52587

Malicious code in bioql PyPI...

EUVD-2024-52256

Malicious code in bioql PyPI...

EUVD-2022-7259

Malicious code in bioql PyPI...

EUVD-2023-52545

Malicious code in bioql PyPI...

CVE-2025-46857

Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2022-43984

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protoc...

CVE-2022-25344

An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...

FreeBSD : Mozilla -- javescript content execution (9c37a02e-2e85-11f0-a989-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9c37a02e-2e85-11f0-a989-b42e991fc52e advisory. [email protected] reports: A process isolation vulnerability in Thunderbird stemmed from improper...

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file...

CVE-2024-54047

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2024-41848 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2023-48536

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...