102 matches found
CVE-2025-41384 Reflected Cross-Site Scripting (XSS) in SuiteCRM
Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
EUVD-2020-26518
Malware in sbrugna...
EUVD-2018-10101
Malware in sbrugna...
EUVD-2025-14891
Malicious code in bioql PyPI...
EUVD-2025-22862
Malicious code in bioql PyPI...
EUVD-2022-39953
Malicious code in bioql PyPI...
EUVD-2024-27671
Malicious code in bioql PyPI...
EUVD-2025-6977
Malicious code in bioql PyPI...
EUVD-2021-29895
Malicious code in bioql PyPI...
CVE-2025-27388 Arbitrary URL Loading in WebView Leading to Token Leakage Risk
Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...
CVE-2025-32430
CVE-2025-32430 – XWiki Platform Reflected XSS. Affected: XWiki Platform versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5, and 17.0.0-rc-1 through 17.2.2. Issue: two templates contain reflected XSS allowing attacker-controlled URLs to execute JavaScript in the victim’s session...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2025-49185
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...
CVE-2025-32466
A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text...
CVE-2025-32466 Extension - rsjoomla.com - SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla
A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text...
CVE-2024-48120
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...
CVE-2023-36390
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
CVE-2023-45394
Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious JavaScript code in the Admin panel which leads to Admin account takeover...
CVE-2023-6568
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...