16 matches found

RedhatCVE
added 2026/01/24 9:15 p.m., 2 views

CVE-2025-71177

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

CVSS: 5.4, AI score: 5, EPSS: 0.00015
Exploits: 1, References: 1

Github Security Blog
added 2026/01/23 6:31 p.m., 8 views

LavaLite CMS affected by a stored cross-site scripting vulnerability

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

CVSS: 5.4, AI score: 5, EPSS: 0.00015
Exploits: 1, References: 5, Affected Software: 1

Snyk
added 2026/01/23 6:31 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the package creation and search processes. An attacker can execute arbitrary scripts in the browsers of other users by injecting crafted HTML or JavaScript into the Name or Description fields, which are later...

CVSS: 5.4, AI score: 6, EPSS: 0.00015
Exploits: 1, References: 2

OSV
added 2026/01/23 5:16 p.m., 1 view

CVE-2025-71177

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

CVSS: 5.4, AI score: 5.8
Exploits: 0, References: 3

ATTACKERKB
added 2026/01/23 4:40 p.m., 1 view

CVE-2025-71177

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00015
Exploits: 1, References: 4

CVE
added 2026/01/23 4:40 p.m., 7 views

CVE-2025-71177

LavaLite CMS ≤ 10.1.0 is reported to have a stored XSS vulnerability in package creation and package search. Authenticated users can inject HTML/JavaScript into the Package Name or Description fields, which is stored and later rendered without proper output encoding in search results, enabling po...

CVSS: 5.4, AI score: 5, EPSS: 0.00015
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2026/01/23 12:0 a.m., 4 views

PT-2026-4499

Name of the Vulnerable Software and Affected Versions: LavaLite CMS versions up to and including 10.1.0. Description: LavaLite CMS is affected by a stored cross-site scripting issue in the package creation and search functionality. Authenticated users can inject crafted HTML or JavaScript into the...

CVSS: 5.1, AI score: 5, EPSS: 0.00015
Exploits: 1, References: 8

OSSF Malicious Packages
added 2025/11/12 4:47 p.m., 2 views

Malicious code in keyla-poke80 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fead89eccdb880a74be8f3053b394cc603dcbb494fb0f25618a04adbdf861b9e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 8:11 p.m., 2 views

Malicious code in mass_stingray_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26b37bfa326080b72ea2e483f8e9b1cad064c6c6fc223c4e89716bffc5ee7c83 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 7:26 a.m., 2 views

Malicious code in selfish_moose_replicate_automation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503c46fff451c3667a34e4a151cbc230ab757b324b6507312034fc28e1f0bffd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

OSV
added 2025/11/11 3:48 a.m., 1 view

MAL-2025-78626 Malicious code in hadianto-bakso50-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 818075c7e9e1969c46e977fbc980910cff86501bb5a42b7c88266f4100b2c49b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

OSV
added 2023/07/07 6:34 p.m., 1 view

SUSE-SU-2023:2798-1 Security update for prometheus-sap_host_exporter

This update for prometheus-sap_host_exporter fixes the following issues: - rebuild the package with the go 1.20 security release bsc1208270. - fixed exporter package description bsc1211311...

AI score: 7.3
Exploits: 0, References: 3

OSV
added 2023/07/03 7:34 a.m., 2 views

SUSE-SU-2023:2757-1 Security update for prometheus-sap_host_exporter

This update for prometheus-sap_host_exporter fixes the following issues: - rebuild the package with the go 1.20 security release bsc1208270. - fixed exporter package description bsc1211311...

AI score: 7.3
Exploits: 0, References: 3

OSV
added 2023/07/03 7:34 a.m., 1 view

SUSE-SU-2023:2756-1 Security update for prometheus-sap_host_exporter

This update for prometheus-sap_host_exporter fixes the following issues: - rebuild the package with the go 1.20 security release bsc1208270. - fixed exporter package description bsc1211311...

AI score: 7.3
Exploits: 0, References: 3

OPENSUSE Linux
added 2016/09/25 12:10 p.m., 28 views

Recommended update for flash-player (important)

This update for flash-player fixes the following security issues APSB16-29, boo998589: integer overflow vulnerability that could lead to code execution CVE-2016-4287. use-after-free vulnerabilities that could lead to code execution CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,...

CVSS: 10, AI score: 2.5, EPSS: 0.56722
Exploits: 8, References: 2

exploitpack
added 2012/11/15 12:0 a.m., 27 views

iDev Rentals 1.0 - Multiple Vulnerabilities

iDev Rentals 1.0 - Multiple Vulnerabilities Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================...

AI score: 0.4
Exploits: 0