2167 matches found
PT-2025-49130
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...
IDI Eikon Governalia Cross-Site Scripting Vulnerability
IDI Eikon Governalia is an e-government and smart city software platform from the Spanish company IDI Eikon. A cross-site scripting vulnerability exists in IDI Eikon Governalia, which stems from reflective cross-site scripting and could lead to the execution of malicious JavaScript code...
Calibre-Web Security Vulnerability
Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database by Jan B Individual Developer. A security vulnerability exists in Calibre-Web version v0.6.25, which stems from malicious JavaScript not being filtered in the username field during user creatio...
xCally Omnichannel Cross-Site Scripting Vulnerability
xCally Omnichannel is an integrated communication platform from the Italian company xCally. A cross-site scripting vulnerability exists in xCally Omnichannel version v3.30.1, which stems from reflective cross-site scripting and could lead to an attacker executing malicious JavaScript code...
MAL-2025-176459 Malicious code in nokire-nakaoci5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 426157b02f97f1d5957632904c226e5fe63f26142f598d4ed5a9774b439b429f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in affffffri-zidan-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d14193e8a77540c4c9d680e3738718b18a4c5f1de8ff0a3fb2c4c1f74e0c95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-169499 Malicious code in uaragifa-afaoti-urufuayo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2eb94caa02d906f44003c219f716a9a826bcdd4d59e71b4da5f5a540622f744 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-166101 Malicious code in slamet-poke8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7497b7b4731adf26ab8d4297fdf4727fa5e9b73808ea3319fb904d609f9069 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in angin-poke16 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e803dae050f6543c61d95578329eb90f5cac60d91eef7f266cda58cd5d75e4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yuda-22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e26aabb3e3087ae5a34ef6ffd05e4026dc57877acb000abc94f3f966cc077da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manusia-taval-maoi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e3bfd160d979715643f628611af86c89d98544be09f726cb59e9cdf33a6b1c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163446 Malicious code in nokire-sekiya56 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6636885b62af8607b7af8cbcaab82f74fa16ad66da52b4abffc764143d6e70a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150477 Malicious code in @miptaa02/adahfe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 874e315be2cb8bb04dcb743e2890cc3c8a10df79795ab5a1e2907dc8afaea4af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154186 Malicious code in dajouka-sdfaa-sd3a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a552e53938ad63a678351df56846b27fc4e8795edf89a7c9d2d968c93c3440 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-119988
The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...
CVE-2025-12872 aEnrich|eHRD - Stored Cross-Site Scripting
The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...
CVE-2025-12872
The CVE-2025-12872 entry describes a Stored Cross-Site Scripting vulnerability in aEnrich’s a+HRD and a+HCM (Red Hat/other linked advisories confirm these products). The vulnerability arises from stored XSS where an authenticated remote attacker can upload files containing malicious JavaScript cod...
Malicious code in vuetify-postcss-loader-mongodb-less (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1901883a12e5906a3aa40a43f8816c93e38fefb894c40b8271a376d5bb6d12d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143876 Malicious code in javascript-await-upgrade-venus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14592802e63f3973ef3ffea2ec15e4d1dd4b08a23406db7faf7b24ee39c3e473 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...