17 matches found
GHSA-8QM3-746X-R74R devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed
Under certain circumstances, `uneval`ing untrusted data can produce output code that will create objects with polluted prototypes when later `eval`ed, meaning the output data can be a different shape from the input data...
CVE-2025-64049
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
GHSA-VQC7-7FJ4-3FM3 REDAXO CMS is vulnerable to XSS through its module management component
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Output code field in the module management component. An attacker can execute arbitrary web scripts or HTML in the context of another user by injecting malicious payloads that are triggered when a user...
REDAXO CMS is vulnerable to XSS through its module management component
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
EUVD-2025-199600
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
CVE-2025-64049
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
CVE-2025-64049
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
CVE-2025-64049
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
CVE-2025-64049
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
PT-2025-48037
Name of the Vulnerable Software and Affected Versions: REDAXO CMS version 5.20.0 Description: A stored cross-site scripting (XSS) issue exists in the module management component of REDAXO CMS. A remote user can inject arbitrary web script or HTML through the Output code field within modules. This...
CVE-2025-64049
CVE-2025-64049 describes a stored XSS in REDAXO CMS 5.20.0, specifically in the module management component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the Output code field in modules; the payload executes when a user views or edits an article that inclu...
REDAXO Security Vulnerability
REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO version 5.20.0, which stems from improper handling of the Output code field in the module management component and could lead to a stored cross-site scripting attack...
Exploit for CVE-2025-64049
CVE-Disclosures Welcome to the CVE disclosures section of thi...
PT-2022-12149 · Fis · Fis Gt.M
Name of the Vulnerable Software and Affected Versions: FIS GT.M versions prior to V7.0-000 Description: An issue was discovered related to the YottaDB code base. Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c...
Denial of Service Vulnerability in Micropoint Intelligent Defense Software Personal Free Edition mp110005.sys Driver
Micropoint Intelligent Defense Software Personal Free Edition is a set of third-generation anti-virus software of Micropoint Baihui Beijing Information Security Technology Co., Ltd. and adopts AI Intelligent Defense Technology to independently analyze and judge viruses. A denial of service...
Jiangmin Antivirus Denial of Service Vulnerability (CNVD-2018-03300)
Jiangmin Antivirus is a set of online antivirus software from the Chinese Jiangmin Jiangmin New Technology Company. A security vulnerability exists in the KSysCall.sys driver file in Jiangmin Antivirus version 16.0.0.100, which is caused by the program failing to validate an input value of IOCtl...