5946 matches found
CVE-2025-61319
CVE-2025-61319 affects ReNgine up to version 2.2.0. Affected component: Vulnerabilities module; root cause is unsanitized XSS payloads rendered in the web UI during scans, enabling arbitrary JavaScript execution in a victim’s browser. Impact can include session cookie theft, unauthorized actions,...
CVE-2025-60880
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...
EUVD-2025-33567
Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...
CVE-2025-35060
Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...
Cross-site Scripting (XSS)
Overview: pyload-ng is the free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized parameters in cnlblueprint.py. An attacker can execute arbitrary JavaScript code in the context of a user's...
CVE-2025-60314
Configuroweb Sistema Web de Inventario 1.0 is vulnerable to Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto), allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...
CVE-2025-61788 Opencast Paella Player 7 vulnerable to Cross-Site-Scripting
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, Paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to...
Cross-site Scripting (XSS)
Overview: webreinvent/vaahcms is a Laravel-based open-source web application development platform shipped with a headless content management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload function in the MediaController.php file. An attacker can...
ROS-20251008-01
A vulnerability in the Thunderbird and Thunderbird ESR email clients is related to insufficient authentication of the data. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity. Vulnerability of Address Book URI fields of Thunderbird, Thunderbird ESR mail...
PT-2025-41257
Name of the Vulnerable Software and Affected Versions: Configuroweb Sistema Web de Inventario version 1.0. Description: The software is susceptible to a Stored Cross-Site Scripting (XSS) issue because of insufficient input sanitization. Specifically, the Nombre:Producto parameter lacks proper...
CVE-2025-56243
A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim's browser by injecting code into th...
EUVD-2018-5293
Malware in sbrugna...
EUVD-2021-11125
Malware in sbrugna...
EUVD-2017-7550
Malware in sbrugna...
EUVD-2017-16814
Malware in sbrugna...
EUVD-2017-16809
Malware in sbrugna...
EUVD-2018-9624
Malware in sbrugna...
EUVD-2021-15297
Malware in sbrugna...
EUVD-1999-0731
Malware in sbrugna...
EUVD-2020-6230
Malware in sbrugna...