EUVD-2026-1112

Malicious code in okta-loginpage-render npm...

Malicious code in okta-loginpage-render (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48116f31c0b827072f94f6157837d2fcb3be3c6a9985584328216403280bd6bb The package okta-loginpage-render was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview okta-loginpage-render is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-6809 Malicious code in posa-loginpage-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 84c3125fd931daa33ae630ab312e984e99008ff68f7f1e118b3f54142026f4a5 The OpenSSF Package Analysis project identified 'posa-loginpage-plugin' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

Malicious code in posa-loginpage-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 84c3125fd931daa33ae630ab312e984e99008ff68f7f1e118b3f54142026f4a5 The OpenSSF Package Analysis project identified 'posa-loginpage-plugin' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

CVE-2025-43924

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...

CVE-2024-26318

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character...

CVE-2024-26318

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character...

CVE-2024-26318

Serenity CVE-2024-26318: In Serenity up to version 6.7.x, LoginPage.tsx allows return URLs not starting with a slash, which enables Cross‑Site Scripting via phishing/email links. The issue is described across multiple sources (Serenity release notes and Red Hat/Veracode advisories) as a client-si...

onlinebackupadmin.com XSS vulnerability

Open Bug Bounty ID: OBB-655747 Description| Value ---|--- Affected Website:| onlinebackupadmin.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

artbank.go.kr XSS vulnerability

Vulnerable URL: https://www.artbank.go.kr/home/login/loginPage.do?loc=/%27%22--!%3E%20%3Cimg%20src=x%20onerror=alert%22openbugbounty%22%3Eh81 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 21.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...

nobleauthors.com XSS vulnerability

Vulnerable URL: https://www.nobleauthors.com/loginpage.php?MSG=!%22%3E%3Cmarquee%20onstart=confirm%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 02.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5955048 VIP...