36 matches found
UBUNTU-CVE-2025-71240
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
EUVD-2003-0279
Malware in sbrugna...
EUVD-2017-17591
Malware in sbrugna...
EUVD-2009-2316
Malware in sbrugna...
EUVD-2024-2920
Malicious code in bioql PyPI...
CVE-2021-34994
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...
CVE-2020-26308
CVE-2020-26308 affects Validate.js (versions ≤ 0.13.1). The vulnerability stems from one or more regular expressions that can cause Regular Expression Denial of Service (ReDoS). The connected documents consistently describe ReDoS and note that, as of publication, no patches are available. No expl...
validate.js Security Vulnerability
validate.js is a declarative validation library written in javascript by the individual developer Nicklas Ansman. A security vulnerability exists in validate.js that stems from the presence of a regular expression denial of service vulnerability...
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book
Impact There is a possibility to save XSS code in province field in the Checkout and Address Book and then execute it on these pages. The problem occurs when you open the address step page in the checkout or edit the address in the address book. This only affects the base UI Shop provided by...
Answer Cross-Site Scripting Vulnerability (CNVD-2023-31162)
Answer is an open source knowledge-based community software. You can quickly use it to build Q&A communities for your products, customers, teams and more. Answer has a cross-site scripting vulnerability in versions prior to 1.0.6. The vulnerability stems from the fact that when answering added ne...
SUSE CVE-2010-1213
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Polic...
CVE-2022-35923 Inefficient Regular Expression Complexity in v8n
v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase and uppercase regex which could lead to a denial of service attack. In testing of the lowercase function a payload of 'a' + 'a'.repeat(i) + 'A' wit...
v8n Security Vulnerability
v8n is a JavaScript validation library by the individual developer Bruno C. Couto. A security vulnerability exists in versions of v8n prior to 1.5.1, which stems from the fact that the low complexity of its lowercase and uppercase regular expressions may lead to denial-of-service attacks...
Cross-site Scripting (XSS) - Stored in erudika/scoold
Description Scoold is a Q&A/knowledge base platform written in Java. When writing a Q&A, you can use the markdown editor. So I tried to exploit the syntax to try an XSS attack. It seemed to validate javascript: on the backend. So I couldn't use it. However, according to RFC3986, the scheme ca...
Inflection: Malicious callback url can be set while creating application in identity
Researcher found that while creating any application in identity, you are required to provide callback url. If you provide a malicious callback url then javascript will stop you from submitting form. But there is no server side validation and we can use an application proxy to bypass the javascri...
Clientside Validation - Critical - Arbitrary PHP Execution - DRUPAL-SA-CONTRIB-2017-072
The Clientside Validation module enables you to have clientside Javascript validation on your forms. The module does not sufficiently validate parameters of a POST request made when validating a CAPTCHA. For the 1.x version of this module, this vulnerability is mitigated by the fact that the...
Microsoft Edge elevation of privilege vulnerability (CNVD-2017-23796)
Microsoft Windows 10 is a set of next-generation cross-platform operating systems released by Microsoft Corporation in the U.S. It is available for PCs and laptops, tablets, and cell phones, among other devices. Microsoft Edge is one of the default browsers that comes with the system. An elevation...
CVE-2017-8642
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503...
Mattermost 3.5.0 / 3.5.1 Cross Site Scripting
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Mattermost Vendor URL: www.mattermost.org Type: Cross-site Scripting CWE-79 Date found: 02/12/2016 Date published: 16/01/2017 CVSSv3 Score: 4.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...