21 matches found
EUVD-2025-28882
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2023-27008
A Cross-site scripting (XSS) vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2025-9728
A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is...
CVE-2025-9728 givanz Vvveb login.tpl cross site scripting
A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is...
CVE-2025-9728
CVE-2025-9728 affects givanz Vvveb 1.0.7.2, with a reflected XSS in the login.tpl form (app/template/user/login.tpl) through manipulation of Email/Password fields. The vulnerability can be exploited remotely; PoCs and an exploit exist (GitHub), and a patch is available: bbd4c42c66ab81814224034817...
PT-2025-35409
Name of the Vulnerable Software and Affected Versions: givanz Vvveb version 1.0.7.2. Description: A security vulnerability exists in givanz Vvveb 1.0.7.2, affecting an unknown part of the app/template/user/login.tpl file. Manipulation of the Email/Password argument can lead to cross-site scripting...
Vvveb Security Vulnerability
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2, which stems from cross-site scripting due to incorrect manipulation of the parameters Email/Password in the file...
Cross-site Scripting (XSS)
Overview: panel is the powerful data exploration & web app framework for Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing HTML escaping in authentication templates. The errormessage variable in the basiclogin.html template and the error/errormsg...
PT-2024-5297 · Openiam · Openam
Name of the Vulnerable Software and Affected Versions: OpenAM versions 15.0.3 and prior. Description: The issue is related to the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java, which is vulnerable to template injection due to its usage of user input. This vulnerability allow...
PT-2023-20892 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.1. Description: A Cross-site scripting (XSS) issue exists in the encrypt password function in login.tmpl.php, allowing remote attackers to inject arbitrary web script or HTML via the token parameter. Recommendations: For ATuto...
FrameworkUserBundle Security Vulnerability
FrameworkUserBundle is an open source framework bundle from Sumo Coders, used to manage dynamic shared libraries and their related resources. A security vulnerability exists in FrameworkUserBundle versions prior to 1.4.0, which stems from some unknown functionality in the file...
Design/Logic Flaw
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-3346
CVE-2021-3346 affects Foris before 101.1.1 as used in Turris OS, where the login template lacks certain HTML escaping. The consequence is a potential vulnerability due to insufficient input escaping in the login flow. The provided documents do not include explicit exploitation details, affected v...
Foris Security Vulnerabilities
Turris Foris is a netconf and nuci based device routing application from the Czech organization Turris that can be managed via a web interface. A security vulnerability exists in Foris before 101.1.1 due to the lack of certain HTML escapes in the login template...
DEBIAN-CVE-2013-4453
Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter...
CVE-2009-4885
Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2003-0402
The default login template /vgn/login in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks...