195 matches found
CVE-2024-45510
An issue was discovered in Zimbra Collaboration ZCS through 10.0. Zimbra Webmail Modern UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the...
CVE-2024-37392
A stored Cross-Site Scripting XSS vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...
CVE-2024-20540
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists...
CVE-2023-25719
ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2023-23372
A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 a...
CVE-2022-21830
A blind self XSS vulnerability exists in RocketChat LiveChat...
CVE-2021-39496
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into filename param to trigger Reflected XSS...
CVE-2019-17560
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...
Cisco Identity Services Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2025-45885
PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries...
PT-2025-17115 · WordPress · Wp-Hijri
Name of the Vulnerable Software and Affected Versions: WP-Hijri versions 1.5.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Stored Cross-Site Scripting Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email: max.cybersecurity at belino.com GitHub disclosure link:...
CVE-2025-20120
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This...
CVE-2025-20120
CVE-2025-20120 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interfaces of Cisco’s EPNM and Prime Infrastructure. The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to inject mal...
CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...
CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...
New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence AI-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromis...
CVE-2024-8402
An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to...
CVE-2024-56336
A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...
CVE-2024-56336
A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...