4 matches found
EUVD-2025-18207
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the addPortlet.polyfill.js process. An attacker can execute arbitrary HTML or JavaScript code in the context of a user's browser by editing preference menu heading messages that are rendered without proper...
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
Summary: Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details: The innerHTML of the label div is set to the textContent of the label, essentially unsanitizing the system messages:...
GHSA-JWR7-992G-68MH starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
Summary: Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details: The innerHTML of the label div is set to the textContent of the label, essentially unsanitizing the system messages:...