2326 matches found
MAL-2025-54970 Malicious code in surya-gulai62-sukiwir (npm)
Source: amazon-inspector a535cdcd65022720c61fec3ddb680ab4501e5ddf78cc6a392454d8422824cccb. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gita-kue45-sluey (npm)
Source: amazon-inspector 5825bb604bb18a58360a8556a9c3171511f523dfac9114a5320910c347eb013a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lutfi-botok70-riris (npm)
Source: amazon-inspector 26572f2c8a6dcfe08bb01f2d1e78f7e38b580de72ffac854e59b9a70479a29c0. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mahesa-mieaceh2-ruro (npm)
Source: amazon-inspector fdeee319b0f6303923c786b39d405d18c5a16b5ed05b87d83a411127f4e87430. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nurul-serabi64-miaww (npm)
Source: amazon-inspector e2f652a17ac17ab35d6cdd191d63e98f3ce4aeb645d9d3537ede04fde6b41755. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kresna-sambalado68-miaww (npm)
Source: amazon-inspector 84fb0dbccf28252bed830d45f999585864355669f45a9f9dfe67f83ef25eb997. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-52111 Malicious code in joni-tahutek61-miaww (npm)
Source: amazon-inspector cf1c2ff171cba6345c2964a6f985d4074a389ae541cc733e611a4a795b118ea2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-52108 Malicious code in joni-sate30-miaww (npm)
Source: amazon-inspector a094140a3f85c4505512d4d41d27043446ea7993afd69585b15f32ec46998a38. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-52770 Malicious code in gita-nasi96-sukiwir (npm)
Source: amazon-inspector 24805fd05ad503f4e9d95ee9b5a19b4fa3d6ad9509f6296c194c4a2279c6ca01. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-51643 Malicious code in eka-pecel51-sluey (npm)
Source: amazon-inspector f31c8a479f29172a1c8714c5bd66f311ac869baa1976df07e4af8f6fae3f8828. The package eka-pecel51-sluey was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...
MAL-2025-50800 Malicious code in andi-ketoprak25-sukiwir (npm)
Source: amazon-inspector c9a0870148a21ac77a8741af89587d7d451b074135ea114b01eb3e98f2b8a89a. The package andi-ketoprak25-sukiwir was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
CVE-2025-63714
Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...
Cross-site Scripting (XSS)
s-cart/core and gp247/core are vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the User-Agent header in the Admin Log Viewer, which allows an attacker to inject malicious scripts that execute in an administrator’s browser when viewing the security log...
PT-2025-44359
Name of the Vulnerable Software and Affected Versions: Drupal Umami Analytics versions prior to 1.0.1. Description: A flaw exists in Drupal Umami Analytics that allows for Cross-Site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. The vulnerability...
CVE-2025-41384
Reflected Cross-Site Scripting (XSS) vulnerability in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the mediamanager component when a specially crafted SVG file containing JavaScript code is uploaded and subsequently previewed by an administrator. Details: Cross-site scripting or XSS is a code vulnerability...
Adobe Connect Cross-Site Scripting Vulnerability
Adobe Connect is software from the American company Adobe for creating meeting environments. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in a victim's browser...
PT-2025-41391
Name of the Vulnerable Software and Affected Versions: code-projects Client Details System version 1.0. Description: The code-projects Client Details System version 1.0 is susceptible to a Cross-Site Scripting (XSS) issue. When adding customer information, the system allows malicious JavaScript code t...
EUVD-2025-33277
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri...