66 matches found
EUVD-2016-6885
Malware in sbrugna...
EUVD-2017-10350
Malware in sbrugna...
EUVD-2017-10565
Malware in sbrugna...
EUVD-2017-10767
Malware in sbrugna...
EUVD-2025-8230
Malicious code in bioql PyPI...
EUVD-2024-43570
Malicious code in bioql PyPI...
EUVD-2025-8216
Malicious code in bioql PyPI...
EUVD-2023-39061
Malicious code in bioql PyPI...
CVE-2023-28529
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
PT-2025-18319 · Xwiki · Xwiki Contrib'S Syntax Markdown
Name of the Vulnerable Software and Affected Versions: XWiki Contrib's Syntax Markdown versions 8.2 through 8.8 Description: The issue allows any user to embed Javascript code using Markdown syntax, which can be executed on the browser of other users visiting the document or comment containing it...
CVE-2025-2986 IBM Maximo Asset Management cross-site scripting
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2022-43850 IBM Aspera Console cross-site scripting
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2025-14520 · Ibm · Ibm Txseries For Multiplatforms
Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms versions 9.1 through 11.1 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
CVE-2025-27609
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on...
CVE-2025-27609
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on...
CVE-2025-27406
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act...
CVE-2025-27609
Icinga Web 2 contains a reflected XSS vulnerability (CVE-2025-27609) in versions prior to 2.11.5 and 2.12.13, allowing an attacker to craft a request that injects JavaScript and acts on behalf of the user. OpenSUSE SUSE and other feeds document ongoing fixes; migration paths include upgrading to ...
CVE-2025-27406 Icinga Reporting Stored XSS leads to SSRF
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act...
CVE-2025-27406 Icinga Reporting Stored XSS leads to SSRF
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act...
CVE-2025-27404
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...