146 matches found
CVE-2026-34416
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...
EUVD-2026-36041
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline (app/modules/common/common.py:181-186) and highlightword (app/modules/common/common.py:188-192) build raw HTML by string concatenation with no escaping. The frontend...
CVE-2026-34416 OSCAL-GUI Reflected XSS via project parameter in oscal.php
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...
PT-2026-48267
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...
CVE-2020-37233
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
Exponent CMS Cross-Site Scripting Vulnerability
Exponent CMS is a website content management system provided by the Exponent company, offering capabilities for page management and modular content editing. Version 2.6 of Exponent CMS contains a cross-site scripting vulnerability. This vulnerability stems from storage-based cross-site scripting...
PT-2026-39507
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
Payload-XSS
Payload-XSS Table of Contents 1. Basic Payloads 1-20payload-...
Mozilla Thunderbird < 78.3
The version of Thunderbird installed on the remote Windows host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a...
Mozilla Thunderbird < 78.3
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting i...
EUVD-2025-36367
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...
EUVD-2009-0081
Malware in sbrugna...
EUVD-2013-1137
Malware in sbrugna...
EUVD-2010-0002
Malware in sbrugna...
EUVD-2012-2559
Malware in sbrugna...
EUVD-2022-4734
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data-iframeconfig attribute. An attacker can execute arbitrary JavaScript in the context of the affected site by injecting malicious attributes such as onload or onmouseenter through wikitext. Details...
Linux Distros Unpatched Vulnerability : CVE-2018-6561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. CVE-2018-6561 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2020-15676
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting...