5800 matches found

RedhatCVE
added 2025/10/10 1:32 a.m. | 1 views

CVE-2025-61788

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to...

CVSS 5.4 | AI score 7 | EPSS 0.00087
Exploits: 0 | References: 1

Cvelist
added 2025/10/10 12:0 a.m. | 5 views

CVE-2025-61319

ReNgine through 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

EPSS 0.00059
Exploits: 1 | References: 2

CVE
added 2025/10/10 12:0 a.m. | 9 views

CVE-2025-61319

CVE-2025-61319 affects ReNgine up to version 2.2.0. Affected component: Vulnerabilities module; root cause is unsanitized XSS payloads rendered in the web UI during scans, enabling arbitrary JavaScript execution in a victim’s browser. Impact can include session cookie theft, unauthorized actions,...

CVSS 6.1 | AI score 4.8 | EPSS 0.00059
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/10/10 12:0 a.m. | 3 views

PT-2025-41564

Name of the Vulnerable Software and Affected Versions: ReNgine versions through 2.2.0. Description: ReNgine through version 2.2.0 contains a Stored Cross-Site Scripting (XSS) issue within the Vulnerabilities module. When a target is scanned using an XSS payload, the payload is rendered without proper...

CVSS 6.1 | AI score 5.1 | EPSS 0.00059
Exploits: 1 | References: 5

CNNVD
added 2025/10/10 12:0 a.m. | 1 views

Kiwire Captive Portal security vulnerability

Kiwire Captive Portal is a login authentication page from Kiwire Malaysia. A security vulnerability exists in Kiwire Captive Portal, which stems from the presence of reflective cross-site scripting in the login-url parameter, which could lead to the execution of JavaScript code...

CVSS 7.3 | AI score 6.5 | EPSS 0.00119
Exploits: 0 | References: 1

Cvelist
added 2025/10/10 12:0 a.m. | 7 views

CVE-2025-60880

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...

CVSS 8.3 | EPSS 0.00014
Exploits: 1 | References: 2

CVE
added 2025/10/10 12:0 a.m. | 10 views

CVE-2025-60880

Bagisto 2.3.6 admin panel product creation path is affected by an authenticated stored XSS via a crafted SVG file containing JavaScript. Exploitation requires an authenticated admin and can lead to in-browser arbitrary JS execution, with potential session hijacking or data theft. Affected compone...

CVSS 8.3 | AI score 6.2 | EPSS 0.00014
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/09 9:31 p.m. | 2 views

EUVD-2025-33567

Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVSS 5.5 | AI score 6.3 | EPSS 0.00033
Exploits: 0 | References: 3

OSV
added 2025/10/09 9:15 p.m. | 1 views

CVE-2025-35060

Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVSS 5.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2

Snyk
added 2025/10/09 3:19 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: pyload-ng is the free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized parameters in the cnlblueprint.py. An attacker can execute arbitrary JavaScript code in the context of a user's...

CVSS 8.3 | AI score 6 | EPSS 0.00067
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/09 12:14 a.m. | 1 views

CVE-2025-60314

Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter Nombre:Producto, allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...

CVSS 5.4 | AI score 5.8 | EPSS 0.00035
Exploits: 1 | References: 1

OSV
added 2025/10/08 6:3 p.m. | 1 views

CVE-2025-61788 Opencast Paella Player 7 vulnerable to Cross-Site-Scripting

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to...

CVSS 5.1 | AI score 6.7 | EPSS 0.00087
Exploits: 0 | References: 4

Snyk
added 2025/10/08 2:43 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: webreinvent/vaahcms is a Laravel-based open-source web application development platform shipped with a headless content management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload function in the MediaController.php file. An attacker can...

CVSS 6.1 | AI score 5.4 | EPSS 0.00091
Exploits: 2 | References: 3

Positive Technologies
added 2025/10/08 12:0 a.m. | 1 views

PT-2025-41257

Name of the Vulnerable Software and Affected Versions: Configuroweb Sistema Web de Inventario version 1.0. Description: The software is susceptible to a Stored Cross-Site Scripting (XSS) issue because of insufficient input sanitization. Specifically, the Nombre:Producto parameter lacks proper...

CVSS 5.4 | AI score 5.9 | EPSS 0.00035
Exploits: 1 | References: 6

Redos
added 2025/10/08 12:0 a.m. | 2 views

ROS-20251008-01

The vulnerability in the Thunderbird and Thunderbird ESR email clients is related to insufficient authentication of the data. Exploitation of the vulnerability could allow an attacker acting remotely to affect the data integrity. Vulnerability of Address Book URI fields of Thunderbird, Thunderbird ESR mail...

CVSS 6.5 | AI score 7.6 | EPSS 0.29275
Exploits: 0

OSV
added 2025/10/07 5:15 p.m. | 3 views

CVE-2025-56243

A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim's browser by injecting code into th...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2019-1768

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00354
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2004-0704

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00855
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-21411

Malware in sbrugna...

CVSS 7.3 | AI score 6.6 | EPSS 0.0027
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26389

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00153
Exploits: 0 | References: 2