Malicious code in frontend-js-state-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 770e7ef9c670e6c188650363a084728f7827f49ab63d6fb9aa57f6e4cfd07dbf The package frontend-js-state-web was found to contain malicious code. Source: ghsa-malware...

MAL-2026-680 Malicious code in frontend-js-state-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 770e7ef9c670e6c188650363a084728f7827f49ab63d6fb9aa57f6e4cfd07dbf The package frontend-js-state-web was found to contain malicious code. Source: ghsa-malware...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVE-2025-67477

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

CVE-2025-61651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from...

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67484

MediaWiki vulnerability CVE-2025-67484 affects MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1. The issue is tied to the Action API xslt option, enabling JavaScript execution by administrators who are not interface administrators; the xslt option is now disabled by default and can b...

CVE-2025-67477 Stored XSS through a system message in Special:ApiSandbox

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

CVE-2025-11261

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

CVE-2025-61657

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

EUVD-2025-206639

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

CVE-2025-61637

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

PT-2026-5837

Name of the Vulnerable Software and Affected Versions Easy Transfer Wifi Transfer versions 1.7 for iOS Description A persistent cross-site scripting issue exists in Easy Transfer Wifi Transfer version 1.7 for iOS. Remote attackers can inject malicious scripts by manipulating the oldPath, newPath,...

CVE-2025-65923

A Stored Cross-Site Scripting XSS vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

Open eClass 跨站脚本漏洞

Open eClass is an e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xpected cross-site scripting, which could lead to the execution of malicious JavaScript...

PT-2026-5800

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

Open eClass 跨站脚本漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripts, which could allow remote attackers to execute arbitrary...