
2165 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-33809

Malicious code in bioql PyPI...

CVSS 6.1, AI score 7, EPSS 0.00254
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-29710

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.7, EPSS 0.002
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-35964

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.7, EPSS 0.02687
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/02 12:0 a.m., 0 views

GE Reason S20 Ethernet Switch Improper Neutralization of Input During Web Page Generation (CVE-2020-16246)

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site...

CVSS 6.1, AI score 6.1, EPSS 0.00188
Exploits: 0, References: 2
Positive Technologies
added 2025/10/01 12:0 a.m., 1 views

PT-2025-40256

Name of the Vulnerable Software and Affected Versions: Fiora chat application versions 1.0.0 through 1.0.0 Description: The Fiora chat application has a file upload issue related to the user avatar upload functionality. The application does not properly validate SVG file content. This allows...

CVSS 8.8, AI score 7.1, EPSS 0.00033
Exploits: 1, References: 8
NVD
added 2025/09/23 3:15 p.m., 1 views

CVE-2025-4760

An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

CVSS 4.8, EPSS 0.00025
Exploits: 0, References: 1
Vulnrichment
added 2025/09/23 2:55 p.m., 1 views

CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher

An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

CVSS 4.8, AI score 5.2, EPSS 0.00025
Exploits: 0, References: 1
NVD
added 2025/09/22 7:15 p.m., 1 views

CVE-2025-55887

Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...

CVSS 6.1, EPSS 0.00054
Exploits: 1, References: 4
NVD
added 2025/09/22 6:15 p.m., 4 views

CVE-2025-55888

Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...

CVSS 7.3, EPSS 0.0023
Exploits: 1, References: 4
Positive Technologies
added 2025/09/16 12:0 a.m., 4 views

PT-2025-37939

Name of the Vulnerable Software and Affected Versions: PPC 2K15X Router affected versions not specified Description: The router is susceptible to a reflected Cross-Site Scripting (XSS) attack due to improper input validation of Common Gateway Interface (CGI) parameters at its web management portal. A...

CVSS 5.1, AI score 5.6, EPSS 0.00239
Exploits: 0, References: 3
Veracode
added 2025/09/08 4:31 a.m., 6 views

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...

CVSS 6.4, AI score 6.4, EPSS 0.00139
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2025/09/04 6:45 a.m., 0 views

Cross-site Scripting (XSS)

Overview: streamlit-shortcuts is a Streamlit keyboard shortcuts for your buttons. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the addshortcuts function which fails to properly escape special characters when injecting JavaScript code into the DOM. Details...

CVSS 6.1, AI score 5.3
Exploits: 0, References: 3
Veracode
added 2025/09/03 5:54 a.m., 2 views

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation due to failure to sanitize user-supplied input in the googlegadget component, allowing remote attackers to inject malicious JavaScript...

CVSS 6.9, AI score 6.8, EPSS 0.0007
Exploits: 0, References: 5, Affected Software: 3
RedhatCVE
added 2025/08/30 6:20 p.m., 3 views

CVE-2025-57425

A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...

CVSS 6.1, AI score 5.4, EPSS 0.00068
Exploits: 1, References: 1
Positive Technologies
added 2025/08/28 12:0 a.m., 2 views

PT-2025-35097

Name of the Vulnerable Software and Affected Versions: FormCms version 0.5.5 Description: FormCms version 0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible v...

CVSS 6.9, AI score 5.2, EPSS 0.00068
Exploits: 1, References: 7
CVE
added 2025/08/20 4:45 p.m., 11 views

CVE-2025-6183

The StrongDM macOS client is affected by CVE-2025-6183 due to how it processes JSON-formatted messages, allowing an attacker to potentially modify macOS system configuration by crafting a malicious JSON payload. Documents confirm the affected product (StrongDM macOS client) and the underlying cau...

CVSS 7, AI score 6.5, EPSS 0.00041
Exploits: 0, References: 1
Positive Technologies
added 2025/08/20 12:0 a.m., 3 views

PT-2025-34128 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: Adobe Experience Manager versions 6.5.22 and earlier are susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker can exploit this to inject malicious...

CVSS 5.4, AI score 5.5, EPSS 0.00047
Exploits: 0, References: 4
Positive Technologies
added 2025/08/20 12:0 a.m., 7 views

PT-2025-34120 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue to inje...

CVSS 5.4, AI score 5.3, EPSS 0.00047
Exploits: 0, References: 6
CNNVD
added 2025/08/18 12:0 a.m., 1 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.4, AI score 6.5, EPSS 0.00032
Exploits: 0, References: 2
RedhatCVE
added 2025/08/16 8:11 a.m., 3 views

CVE-2025-27388

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

CVSS 8.3, AI score 7.6, EPSS 0.00279
Exploits: 0, References: 1