CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

EUVD-2021-0116

Malware in sbrugna...

EUVD-2020-28933

Malware in sbrugna...

EUVD-2020-13427

Malware in sbrugna...

EUVD-2023-48448

Malicious code in bioql PyPI...

EUVD-2022-55211

Malicious code in bioql PyPI...

CVE-2022-4979

A cross-site scripting XSS vulnerability exists in Sitecore Experience Platform XP 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platfor...

CVE-2024-29179

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

CVE-2022-23861

CVE-2022-23861 affects YSoft SAFEQ 6 Build 53. The vulnerability is Multiple Stored Cross-Site Scripting (XSS) in the SafeQ web interface, caused by lack of output sanitization in multiple input fields, allowing arbitrary JavaScript execution for users accessing the web UI. Connected sources corr...

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits

SafeLine is a self-hosted WAFWeb Application Firewall to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL...

Amazon Linux 2 : python-lxml (ALAS-2024-2620)

The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2620 advisory. An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...

Medium: python-lxml

Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...

Easy Table of Contents < 2.0.66 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed You should create new post with two more heading. Go to the settings of the plugin and...

Silverstripe IE requests not properly behaving with rewritehashlinks

Non IE browsers don’t appear to be affected, but I haven’t tested a wide range of browsers to be sure Requests that come through from IE do NOT appear to encode all entities in the URL string, meaning they are inserted into output content directly by SSViewer::process when rewriting hashlinks, as...

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the handling of file attachments. An attacker with admin privileges can upload an attachment containing JS code without an extension, and the application will render it as HTML, leading to the execution of arbitrary...

CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVE-2024-29179

CVE-2024-29179 concerns phpMyFAQ, an open source FAQ app. The vulnerability arises when an administrator uploads an attachment containing JavaScript code without an extension; the application then renders the attachment as HTML, enabling stored XSS. Attacks require admin privileges and leverage t...