PT-2025-51309

Name of the Vulnerable Software and Affected Versions Blackcat CMS version 1.4 Description Blackcat CMS version 1.4 has a stored cross-site scripting issue. Authenticated users can inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification...

EUVD-2024-55328

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

PT-2025-50745

Name of the Vulnerable Software and Affected Versions Flatboard version 3.2 Description An authenticated administrator can inject malicious scripts in forum information fields, leading to a stored cross-site scripting issue. Attackers can insert JavaScript payloads that execute when other users...

CVE-2025-63534

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

PT-2025-48456

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

Cross-site Scripting

Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to the Calendar events feature failing to escape or validate HTML in the First Name, Middle Name, and Last Name text fields, and attackers can exploit this by submitting crafted payloads into those fields to execute...

CVE-2025-42901

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

XSS-Payloads-to-Bypass-WAFs

PoC exploit for XSS payloads to bypass WAFs, specifically target...

GHSA-CJJF-27CC-PVMV pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters

Summary pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...

EUVD-2021-11333

Malware in sbrugna...

EUVD-2021-11357

Malware in sbrugna...

EUVD-2023-58664

Malicious code in bioql PyPI...

EUVD-2023-58667

Malicious code in bioql PyPI...

EUVD-2022-15824

Malicious code in bioql PyPI...

EUVD-2025-22998

Malicious code in bioql PyPI...

EUVD-2023-58659

Malicious code in bioql PyPI...

EUVD-2024-22947

Malicious code in bioql PyPI...

EUVD-2023-58665

Malicious code in bioql PyPI...