2325 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the hotlinking process. An attacker can execute arbitrary JavaScript code in the context of users viewing the hotlinked SVG by uploading a crafted SVG file containing malicious scripts and creating a hotlink...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the hotlinking process. An attacker can execute arbitrary JavaScript code in the context of users viewing the hotlinked SVG by uploading a crafted SVG file containing malicious scripts and creating a hotlink...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper HTML encoding of page names in search results. An attacker can execute arbitrary JavaScript in the context of users viewing the affected search results by injecting malicious scripts through the pag...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the attachment upload process. An attacker can execute arbitrary JavaScript in the context of another user's browser session by uploading a crafted HTML or SVG file containing malicious scripts. This can lead...
Cross-site Scripting (XSS)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Cross-site Scripting XSS via the innerHTML process. An attacker can execute arbitrary JavaScript in the context of the exported session HTML viewer by including crafted HTML or unescaped...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the device image upload. An attacker can execute arbitrary JavaScript in the context of other users' browsers by uploading a crafted SVG file containing malicious scripts. Details Cross-site scripting or XSS...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Value argument in the Backend Interface component. An attacker can inject malicious script code by supplying crafted input to the affected parameter. Details Cross-site scripting or XSS is a code...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper escaping of user input in website and author fields before being inserted into an HTML attribute. An attacker can execute arbitrary JavaScript in the context of users viewing affected comment...
Malicious code in telebot-infoe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4dadd8bb17144a1726c97ec0472de592532f72b8c57fdd87ce1364e43241832d The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in telebot-infoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a00053312897920b40040788f68a209b63c061000ec349ab3e705675bada499 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
MAL-2026-931 Malicious code in telebot-infe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 590d96b39de125e4d96c7b88fdc57ef5257eddbf8277011e51c84e1500302aaf The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in telebot-info (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 61aec9d37a402659928293fb6a151f72f9de1194a73a519f7e1595e5ed5b719b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
CVE-2019-25378
CVE-2019-25378 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, via the proxy.cgi endpoint. The vulnerability allows cross-site scripting by injecting payloads through parameters such as CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST re...
CVE-2025-13064
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with...
CVE-2025-66606
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
EUVD-2019-19399
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
Cross-site Scripting (XSS)
Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of the Address Line 1 field in inventory locations. An attacker can execute arbitrary JavaScript in an administrator's browser by submitting crafte...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Observations field in the History view. An attacker can execute arbitrary JavaScript code in the context of an administrator's browser session by injecting malicious scripts into the Observations field,...
Simple CMS 跨站脚本漏洞
Simple CMS is an open-source content management system developed using Simple PHPScripts. Version 2.1 of Simple CMS has a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting vulnerabilities in user input parameters, which could allow remote attackers ...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...