15 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-48448

Malicious code in bioql PyPI...

6.1 CVSS · 6.4 AI score · 0.0011 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/27 12:0 a.m. · 4 views

PT-2025-9042 · Syspass · Syspass

Name of the Vulnerable Software and Affected Versions: SysPass versions 3.2.x Description: A host header injection vulnerability in SysPass allows an attacker to load malicious JS files from an arbitrary domain, which would be executed in the victim's browser. Recommendations: For SysPass version...

8.1 CVSS · 6.4 AI score · 0.00122 EPSS
Exploits 1 · References 11

Cvelist
added 2025/02/27 12:0 a.m. · 7 views

CVE-2025-25477

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...

0.00122 EPSS
Exploits 1 · References 1

The Hacker News
added 2024/08/06 11:17 a.m. · 26 views

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, we...

7.5 AI score
Exploits 0

WPVulnDB
added 2024/01/04 12:0 a.m. · 20 views

iFrame < 4.9 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape the srcdoc parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, however given that the malicious JS is limited to the scope of the iframe, there is no practical way to make users su...

6.5 CVSS · 5.8 AI score · 0.00077 EPSS
Exploits 0 · References 1 · Affected Software 1

Veracode
added 2023/12/13 2:12 p.m. · 12 views

Cross-site Scripting (XSS)

com.jfinal, jfinal is vulnerable to Cross Site Scripting. The vulnerability exists due to improper validation or sanitization of user inputs which allows attackers to inject malicious JS payloads into the system...

5.4 CVSS · 6.7 AI score · 0.00098 EPSS
Exploits 0 · References 2 · Affected Software 1

Github Security Blog
added 2023/10/19 4:13 p.m. · 21 views

Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context

Impact Any users who are using the wget or dom extractors and view the content they output. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious JS...

6.4 CVSS · 5.4 AI score · 0.02006 EPSS
Exploits 1 · References 11 · Affected Software 1

Hacker One
added 2023/07/01 3:41 a.m. · 51 views

U.S. Dept Of Defense: CVE-2023-24488 xss on https://██████/

Vulnerability description not provided...

6.1 CVSS · 6.2 AI score · 0.91357 EPSS
Exploits 3

Hacker One
added 2023/02/14 12:10 a.m. · 16 views

TD Bank: Reflected XSS on marketsandresearch.td.com

Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...

6.4 AI score
Exploits 0

CNVD
added 2022/07/08 12:0 a.m. · 18 views

parse-url cross-site scripting vulnerability

parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...

9.1 CVSS · 5.9 AI score · 0.00294 EPSS
Exploits 1 · References 1

CNVD
added 2022/07/01 12:0 a.m. · 15 views

parse-url cross-site scripting vulnerability

parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from a last fix can be bypassed and can be exploited by an attacker to place any malicious JS code on a web page...

9.1 CVSS · 5.9 AI score · 0.00322 EPSS
Exploits 1 · References 1

Huntr
added 2021/10/23 9:52 p.m. · 11 views

Sensitive Cookie Without 'HttpOnly' Flag in namelessmc/nameless

Description Due to a culmination of factors in the design of the authentication and authorization system and a lack of proper cookie setting it is possible for a malicious user to exfiltrate session tokens from a NamelessMC instance and aggregate them in a remote service. A malicious administrati...

0.8 AI score
Exploits 0

Kitploit
added 2018/06/18 2:9 p.m. · 199 views

VOOKI - Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...

7 AI score
Exploits 0

seebug.org
added 2011/08/28 12:0 a.m. · 24 views

PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting

No description provided by source. ^ Exploit title: PhpBB2 Module "Custom Mass PM" Cross Site Scripting Vulnerability ^ Author : Silic0n sciencemedia017Atyahoo.com ^ MOD Title: Custom mass PM ^ MOD Description: Add mass PM functionnality to group members or all forums members for authorized users...

7.1 AI score
Exploits 0

myhack58
added 2006/12/03 12:0 a.m. · 15 views

js script kill free tools to avoid killing experience and simple analysis-vulnerability warning-the black bar safety net

The experiment in this article uses ah.jsice Fox a variant, the attachment named "病毒 样本 .txt" as a virus sample, other js malicious code without tests. Since Kaspersky the js killing the intensity is relatively large, and furthermore, I the present machine it is installed Kaspersky, so its a small amount of additional...

7.4 AI score
Exploits 0