CVE-2025-66523

CVE-2025-66523 reflects a Cross-Site Scripting (XSS) issue in na1.foxitesign.foxit.com prior to 2026-01-16, caused by URL parameters being embedded directly into JavaScript code or HTML attributes without proper encoding or sanitization. An authenticated user can trigger script injection by visit...

EUVD-2016-4741

Malware in sbrugna...

EUVD-2006-3608

Malware in sbrugna...

EUVD-2009-3546

Malware in sbrugna...

EUVD-2008-6097

Malware in sbrugna...

EUVD-2010-4248

Malware in sbrugna...

EUVD-2007-5108

Malware in sbrugna...

CVE-2025-8818 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched...

CVE-2024-51108

Multiple stored cross-site scripting XSS vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate...

CVE-2012-1470

Multiple cross-site scripting XSS vulnerabilities in codeeditor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the 1 path or 2 line parameters...

CVE-2010-3427

Multiple cross-site scripting XSS vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 desc, 2 price, 3 title, and 4 place parameters to index.php and the 5 subject parameter to contact.htm, related to content/contact.php...

CVE-2024-5553

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2017-0372

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities...

CVE-2017-0372

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities...

CVE-2017-0372

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities...

Design/Logic Flaw

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities...

CVE-2017-0372

CVE-2017-0372 concerns MediaWiki’s SyntaxHighlight extension. The initial description notes parameter injection in the SyntaxHighlight extension could lead to multiple vulnerabilities in affected releases prior to 1.23.16, 1.27.3, and 1.28.2. Connected documents corroborate concrete details: a re...

CVE-2017-0372 Parameters injection in SyntaxHighlight results in multiple vulnerabilities

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities...

CVE-2017-1000032

Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...

Fedora 25 : mediawiki (2017-3fb95ed01f)

T109140 T122209 Special:UserLogin and Special:Search allow redirect to interwiki links. CVE-2017-0363, CVE-2017-0364 - T144845 XSS in SearchHighlighter::highlightText when $wgAdvancedSearchHighlighting is true. CVE-2017-0365 - T125177 API parameters may now be marked as 'sensitive' to keep their...