3248 matches found
CVE-2025-41084
Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application, caused by uploaded SVG images not being properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application
Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application, caused by uploaded SVG images not being properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
Cross-site Scripting (XSS)
Vaadin Framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to action captions accepting unsanitized HTML content by default, which allows an attacker to inject and execute malicious scripts when user-controlled input is rendered in UI components...
PT-2026-2422
Name of the Vulnerable Software and Affected Versions: Jetpack version 11.4. Description: The software contains a cross-site scripting issue within the contact form module. An attacker can inject malicious scripts through the post id parameter. By crafting malicious URLs with script payloads, an...
CVE-2023-4821
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts...
CVE-2024-39307
Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...
CVE-2023-40024
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license vie...
CVE-2022-38758
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows an attacker to execute malicious scripts in the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL...
PT-2026-1963
Name of the Vulnerable Software and Affected Versions: AMP for WP plugin for WordPress versions prior to 1.1.11. Description: The AMP for WP plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG file content allows for the...
Cross-site Scripting (XSS)
Overview: nicegui is a package to create web-based user interfaces with Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the pushstate event listener, which allows manipulation of the URL fragment identifier. An attacker can execute arbitrary JavaScript i...
CVE-2025-1705
The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the tdajaxgetviews AJAX action. This makes it possible for unauthenticated attackers to inject malicious web...
PT-2026-20853
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.8. Description: The application does not properly handle iframe content in the private area, allowing an attacker to inject and execute malicious scripts through iframe tags. The issue occurs because the application do...
Malicious code in pyrogrem (PyPI)
Source: kam193 42a10da9545ede038913b53b3619d36a94708a854536263f6a97c5d4d30a9b65. The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer. Category:...
PoC-Analyzer
PoC Analyzer: Proof-of-Concept Malicious Intent Detector...
Strengthening supply chain security: Preparing for the next malware campaign
The open source ecosystem continues to face organized, adaptive supply chain threats that spread through compromised credentials and malicious package lifecycle scripts. The most recent example is the multi-wave Shai-Hulud campaign. While individual incidents differ in their mechanics and speed,...
CVE-2025-67855
A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...
EUVD-2025-204351
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...
EUVD-2025-204379
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Forum Name parameter. An attacker can execute arbitrary web scripts or HTML by injecting crafted payloads. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “inject...
CVE-2024-58321
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...