436 matches found
EUVD-2022-39171
Malicious code in bioql PyPI...
EUVD-2023-37716
Malicious code in bioql PyPI...
EUVD-2025-12437
Malicious code in bioql PyPI...
EUVD-2023-50246
Malicious code in bioql PyPI...
EUVD-2022-4020
Malicious code in bioql PyPI...
EUVD-2025-25138
Malicious code in bioql PyPI...
EUVD-2022-44710
Malicious code in bioql PyPI...
EUVD-2023-41090
Malicious code in bioql PyPI...
EUVD-2022-39731
Malicious code in bioql PyPI...
EUVD-2022-39191
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-7886
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. CVE-2017-7886 Note that Nessus relies on the presence of the...
PT-2025-33543 · WordPress · Gtranslate +1
Name of the Vulnerable Software and Affected Versions: gTranslate versions prior to 1.0 Description: The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the base lang parameter due to insufficient input sanitization and output escaping. Th...
Linux Distros Unpatched Vulnerability : CVE-2024-29374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Cross-Site Scripting XSS vulnerability exists in the way MOODLE 3.10.9 handles user input within the GET /?lang= URL parameter. CVE-2024-29374 Note that Nessu...
Cross-site Scripting (XSS)
Overview shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple pages when handling the lang or systemtype arguments. An attacker can inject and execute arbitrary scripts in the context of a user's browser by supplying...
ShopXO 代码注入漏洞
ShopXO is an open source enterprise-level open source e-commerce system from ShopXO. Code injection vulnerability exists in ShopXO 6.5.0 and previous versions, the vulnerability stems from improper operation of the parameter lang/systemtype in the file header.html, which may lead to cross-site...
CVE-2024-3519
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-39617
TOTOLINK X5000RV9.1.0cu.2089B20211224 and X5000RV9.1.0cu.2350B20230313 were discovered to contain a remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
CVE-2023-33559
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file...
CVE-2022-41517
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function...
CVE-2022-36482
TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg...