3249 matches found

Cvelist
added 2025/01/13 11:33 p.m. | 26 views

CVE-2025-23031 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_alergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

6.4 CVSS | 0.00273 EPSS
Exploits: 1 | References: 2

OSV
added 2025/01/13 11:30 p.m. | 10 views

CVE-2025-23035 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_tipo_quadro_horario.php' parameter 'tipo' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_quadro_horario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

6.4 CVSS | 5.3 AI score | 0.00273 EPSS
Exploits: 1 | References: 4

OSV
added 2025/01/13 11:29 p.m. | 10 views

CVE-2025-23037 Cross-Site Scripting (XSS) Stored endpoint 'control.php' parameter 'cargo' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the control.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the...

6.4 CVSS | 5.3 AI score | 0.00311 EPSS
Exploits: 1 | References: 4

NVD
added 2025/01/13 9:15 p.m. | 10 views

CVE-2025-22618

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionarcargo.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...

6.4 CVSS | 0.00319 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/01/13 8:59 p.m. | 10 views

CVE-2025-22613 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the informacao_adicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

6.4 CVSS | 5.4 AI score | 0.0034 EPSS
Exploits: 1 | References: 2

CVE
added 2025/01/13 8:58 p.m. | 50 views

CVE-2025-22614

WeGIA is affected by a Stored Cross‑Site Scripting (XSS) in the dependente_editarInfoPessoal.php endpoint, specifically via the nome and SobrenomeForm parameters. The vulnerability arises from inadequate input validation/sanitization, allowing attackers to store malicious scripts on the server th...

6.4 CVSS | 5.2 AI score | 0.00273 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/13 8:54 p.m. | 8 views

CVE-2025-22616 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_parentesco_adicionar.php' parameter 'descricao'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the dependente_parentesco_adicionar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicio...

6.4 CVSS | 5.4 AI score | 0.00273 EPSS
Exploits: 1 | References: 2

Veracode
added 2025/01/13 7:34 a.m. | 6 views

Stored Cross-site Scripting (XSS)

redaxo/source is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper input validation in the /media/test.html component, allowing attackers to inject malicious scripts into the password parameter...

5.4 CVSS | 6.1 AI score | 0.00396 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2025/01/10 2:53 a.m. | 7 views

Cross-Site Scripting (XSS)

phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of sanitization of the hyperlink base in the HTML page header within the file Html.php, allowing an attacker to inject malicious scripts into the generated HTML pages...

5.4 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

Mozilla
added 2025/01/10 12:0 a.m. | 16 views

Security Vulnerabilities fixed in Firefox for iOS 134 — Mozilla

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address...

6.5 CVSS | 6.2 AI score | 0.00232 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2025/01/09 5:19 a.m. | 8 views

Cross-site Scripting (XSS)

dcat/laravel-admin is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/auth/menu and /admin/auth/extensions endpoints, allowing attackers to inject malicious scripts...

4.8 CVSS | 6.3 AI score | 0.00259 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/01/09 12:0 a.m. | 12 views

CVE-2024-56376

A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web...

5.4 CVSS | 0.00386 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/01/09 12:0 a.m. | 8 views

CVE-2024-56376

A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web...

5.4 CVSS | 5.5 AI score | 0.00386 EPSS
Exploits: 1 | References: 2

CVE
added 2025/01/09 12:0 a.m. | 53 views

CVE-2024-56376

CVE-2024-56376 is a stored XSS in REDCap 14.9.6’s built-in messenger. Authenticated users can inject malicious scripts into the message field, and the payload executes when the recipient clicks the message, enabling potential arbitrary web-script execution. No fix details are provided in the init...

5.4 CVSS | 5.6 AI score | 0.00386 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/01/09 12:0 a.m. | 15 views

CVE-2024-56377

A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...

5.4 CVSS | 0.00386 EPSS
Exploits: 1 | References: 2

Veracode
added 2025/01/08 5:9 a.m. | 4 views

Cross-Site Scripting (XSS)

@marp-team/marp-core is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper neutralization of HTML during sanitization, allowing malicious scripts to bypass defenses and execute...

5.3 CVSS | 6.3 AI score | 0.00307 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

OSSF Malicious Packages
added 2025/01/06 12:49 p.m. | 4 views

Malicious code in walletcore-gen (npm)

The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks.

7 AI score
Exploits: 0 | References: 1

OSV
added 2025/01/02 6:30 a.m. | 2 views

GHSA-J77F-79W9-RGHC The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded

The wp-enable-svg WordPress plugin through 0.2 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...

4.8 CVSS | 5.5 AI score | 0.00401 EPSS
Exploits: 1 | References: 3

Github Security Blog
added 2025/01/02 6:30 a.m. | 6 views

The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded

The wp-enable-svg WordPress plugin through 0.2 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...

4.8 CVSS | 6.8 AI score | 0.00401 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/01/02 6:15 a.m. | 3 views

CVE-2024-11184

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...

4.8 CVSS | 5.8 AI score | 0.00401 EPSS
Exploits: 1 | References: 1