77 matches found
CVE-2026-6956
ATutor is vulnerable to a Reflected XSS in the /install/install.php endpoint. An attacker can supply a crafted URL that, when opened, causes arbitrary JavaScript execution in the victim’s browser. The issue has been tested only on version 2.2.4; other versions were not tested but might also be vu...
Astra Linux - уязвимость в zabbix
A authenticated user can create a link containing reflected JavaScript code on it for the discovery page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
Astra Linux - уязвимость в zabbix
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...
Astra Linux - уязвимость в zabbix
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all th...
EUVD-2022-29674
Malicious code in bioql PyPI...
EUVD-2022-43900
Malicious code in bioql PyPI...
EUVD-2022-38122
Malicious code in bioql PyPI...
EUVD-2022-29673
Malicious code in bioql PyPI...
EUVD-2022-38121
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-35230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed onl...
Linux Distros Unpatched Vulnerability : CVE-2022-35229
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed...
Linux Distros Unpatched Vulnerability : CVE-2022-24919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected Javascript code inside it for graphs' page and send it to other users. The payload can be executed only...
CVE-2025-50690
A Cross-Site Scripting XSS vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...
CVE-2025-50690
A Cross-Site Scripting XSS vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...
CVE-2024-26115
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
SUSE CVE-2022-24917
An authenticated user can create a link with reflected Javascript code inside it for services' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...
SUSE CVE-2022-24918
An authenticated user can create a link with reflected Javascript code inside it for items' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all th...
SUSE CVE-2022-24919
An authenticated user can create a link with reflected Javascript code inside it for graphs' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all t...
[SECURITY] [DLA 3538-1] zabbix security update
Debian LTS Advisory DLA-3538-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost August 22, 2023 https://wiki.debian.org/LTS Package : zabbix Version : 1:4.0.4+dfsg-1+deb10u2 CVE ID : CVE-2013-7484 CVE-2019-17382 CVE-2022-35229 CVE-2022-43515 CVE-2023-29450...
Debian: Security Advisory (DLA-3538-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...