9 matches found
EUVD-2020-26908
Malware in sbrugna...
EUVD-2022-34192
Malicious code in bioql PyPI...
CVE-2020-35126
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...
CVE-2022-36277 SQL injection vulnerability in TCMAN GIM
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks...
CVE-2021-4046
The mtxtNom and mtxtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data...
CVE-2020-5748
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature...
CVE-2019-3958
Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction...
Cross site scripting
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object...
CVE-2008-6758
Cross-site request forgery (CSRF) vulnerability in cartsave.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cartname parameter in a save action...