
2325 matches found

Snyk
added 2026/01/08 8:8 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: nicegui is described as "Create web-based user interfaces with Python. The nice way." Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.subpages function. An attacker can execute JavaScript in the context of the user's browser by tricking a user into clicking a...

6.1 CVSS | 5.3 AI score | 0.00238 EPSS
Exploits 1 | References 2
OSV
added 2026/01/08 10:55 a.m. | 4 views

MAL-2026-162 Malicious code in btcli-security (PyPI)

Source: kam193 a4b868f818b1a81f5fccee1967f70c3ff9d75c218d14ec09882c576a9c2c213e. Package clones a legitimate bittensor-cli library and adds hidden code that downloads a malicious script. The script then downloads an archive with malicious...

7.5 AI score
Exploits 0 | References 4
CVE
added 2026/01/07 11:11 p.m. | 10 views

CVE-2019-25284

CVE-2019-25284 concerns the V-SOL GPON/EPON OLT Platform. Connected sources confirm multiple reflected cross-site scripting vulnerabilities caused by improper input sanitization in various script parameters. The issues affect V-SOL GPON/EPON OLT Platform version 2.03 (and related entries citing 2...

6.1 CVSS | 6.4 AI score | 0.0023 EPSS
Exploits 1 | References 5
RedhatCVE
added 2026/01/07 9:29 a.m. | 8 views

CVE-2019-12578

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher.64 binary is setuid root. This binary executes /opt/pia/openvpn-64/openvpn, passing the...

7.8 CVSS | 7.3 AI score | 0.00808 EPSS
Exploits 1 | References 1
OSSF Malicious Packages
added 2026/01/03 12:50 a.m. | 12 views

Malicious code in qdatainstaller (PyPI)

Source: kam193 e4ee574ced05e27b63477cb84af816e02ae259c67246f4f31ff63819e7e1048e. Package is designed to download and execute a remote script, which then downloads and runs a malicious executable. Category: MALICIOUS - The campaign has...

7.2 AI score
Exploits 0 | References 2
OSV
added 2026/01/03 12:50 a.m. | 3 views

MAL-2026-27 Malicious code in qdatainstaller (PyPI)

Source: kam193 e4ee574ced05e27b63477cb84af816e02ae259c67246f4f31ff63819e7e1048e. Package is designed to download and execute a remote script, which then downloads and runs a malicious executable. Category: MALICIOUS - The campaign has...

7.1 AI score
Exploits 0 | References 2
CNVD
added 2025/12/25 12:0 a.m. | 3 views

Kentico Xperience Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via a form redirect URL configuration...

5.4 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/12/19 6:29 a.m. | 6 views

CVE-2025-68387

A flaw was found in Kibana. An unauthenticated user can embed a malicious script in web page content through improper input neutralization during web page generation. This cross-site scripting (XSS) vulnerability, specifically in a function handler within the Vega AST evaluator, allows for the...

6.1 CVSS | 5.4 AI score | 0.00172 EPSS
Exploits 0 | References 4
CNNVD
added 2025/12/18 12:0 a.m. | 6 views

Kentico Xperience Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...

6.1 CVSS | 5.6 AI score | 0.00139 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/12/17 10:44 p.m. | 4 views

CVE-2023-53904 Xenforo 2.2.13 Authenticated Stored Cross-Site Scripting via Smilie Categories

Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded,...

5.1 CVSS | 5.7 AI score | 0.00221 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/12/17 10:16 p.m. | 5 views

CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability

Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting (XSS) vulnerability exists in the "Return Policy" configuration field. The application doe...

8.1 CVSS | 5 AI score | 0.00309 EPSS
Exploits 4 | References 3
CNVD
added 2025/12/15 12:0 a.m. | 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0012948)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability that originates from a low-privilege attacker who can inject malicious script into form fields; no details of the vulnerability are...

5.4 CVSS | 6.2 AI score | 0.00205 EPSS
Exploits 0 | References 1
OSV
added 2025/12/13 4:16 p.m. | 5 views

CVE-2025-36748

ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious...

5.4 CVSS | 5.3 AI score | 0.00132 EPSS
Exploits 0 | References 1
Veracode
added 2025/12/13 4:26 a.m. | 4 views

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the absence of the sandbox attribute in elements within the Blogs widget, which allows attackers to inject malicious scripts via crafted content and gain access to the parent page through...

5.4 CVSS | 5.2 AI score | 0.00201 EPSS
Exploits 0 | References 3 | Affected Software 2
Malwarebytes
added 2025/12/12 2:26 p.m. | 12 views

Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer

Researchers have found evidence that AI conversations were inserted in Google search results to mislead macOS users into installing the Atomic macOS Stealer (AMOS). Both Grok and ChatGPT were found to have been abused in these attacks. Forensic investigation of an AMOS alert showed the infection...

6.9 AI score
Exploits 0
RedhatCVE
added 2025/12/11 7:1 p.m. | 2 views

CVE-2025-64873

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS | 5.6 AI score | 0.00167 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/12/11 7:1 p.m. | 4 views

CVE-2025-64545

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

5.4 CVSS | 5.7 AI score | 0.0017 EPSS
Exploits 0 | References 1
OSV
added 2025/12/10 10:16 p.m. | 5 views

CVE-2024-58279

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...

8.8 CVSS | 8.1 AI score
Exploits 0 | References 4
EUVD
added 2025/12/10 9:31 p.m. | 6 views

EUVD-2025-202565

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS | 5 AI score | 0.00205 EPSS
Exploits 0 | References 2
NVD
added 2025/12/10 7:16 p.m. | 3 views

CVE-2025-64613

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS | 0.00182 EPSS
Exploits 0 | References 1