225 matches found
EUVD-2023-58665
Malicious code in bioql PyPI...
EUVD-2023-53528
Malicious code in bioql PyPI...
EUVD-2024-32419
Malicious code in bioql PyPI...
EUVD-2024-22947
Malicious code in bioql PyPI...
EUVD-2023-58672
Malicious code in bioql PyPI...
EUVD-2023-58666
Malicious code in bioql PyPI...
EUVD-2024-53565
Malicious code in bioql PyPI...
EUVD-2022-15824
Malicious code in bioql PyPI...
EUVD-2023-58662
Malicious code in bioql PyPI...
EUVD-2023-58664
Malicious code in bioql PyPI...
EUVD-2023-58670
Malicious code in bioql PyPI...
CVE-2025-56154
htmly v3.0.8 is vulnerable to Cross-Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...
CVE-2025-52203
A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are...
CVE-2025-52203
Summary: CVE-2025-52203 affects DevaslanPHP project-management v1.2.4 with a stored XSS in the Ticket Name field. An authenticated attacker can inject JavaScript, which is stored in the database and executes in a user’s browser context when they log in and are redirected to the Dashboard. The iss...
CVE-2025-53487
The CVE describes a stored XSS in the MediaWiki ApprovedRevs extension. Affected versions are 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The vulnerability arises from inserting system messages into raw HTML without proper escaping, enabling JavaScript payloads via the ...
CVE-2025-53487 ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...
PT-2025-28178 · Unknown +1 · Approvedrevs Extension +1
Name of the Vulnerable Software and Affected Versions: ApprovedRevs extension for MediaWiki versions 1.39.X through 1.39.12; ApprovedRevs extension for MediaWiki versions 1.42.X through 1.42.6; ApprovedRevs extension for MediaWiki versions 1.43.X through 1.43.1. Description: The issue is related to...
MainWP: Reflected XSS in "Client Notes" Field
A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" functionality under the Edit Client section. User input in the notes input field was not properly sanitized or encoded, allowing malicious JavaScript payloads to be reflected back in the application's HTML response...
MainWP: Stored Cross-Site Scripting (XSS) in "Add Contact" Name Field – MainWP Plugin
A stored cross-site scripting (XSS) vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" Contact Name field, where user input was not properly sanitized before rendering it back into the DOM. As a result, an attacker could inject malicious...