6 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Enduser Login page. An attacker can access sensitive user credentials by tricking a legitimate user into clicking a malicious link and logging in. Details Cross-site scripting or XSS is a code...
CVE-2025-40681
Cross-site Scripting XSS vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal...
EUVD-2025-32121
Malicious code in bioql PyPI...
PT-2025-40372
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...
CVE-2024-52512
useroidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that originates from a malicious user being able to send an incorrectly formatted login link that redirects th...