38 matches found
EUVD-2019-8033
Malware in sbrugna...
EUVD-2021-10096
Malware in sbrugna...
EUVD-2023-28997
Malicious code in bioql PyPI...
EUVD-2023-28829
Malicious code in bioql PyPI...
EUVD-2022-42936
Malicious code in bioql PyPI...
EUVD-2025-15218
Malicious code in bioql PyPI...
EUVD-2021-29066
Malicious code in bioql PyPI...
EUVD-2025-5383
Malicious code in bioql PyPI...
CVE-2022-29876
A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks...
CVE-2024-49707
CVE-2024-49707: Reflected XSS vulnerability in Internet Starter, a module of SoftCOM iKSORIS. An attacker could lure a user into submitting a password-reset form containing malicious script, which would execute in the user’s browser context. Affects Internet Starter component of the iKSORIS syste...
CVE-2024-49707 XSS in iKSORIS
Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for resetting the user's password with a malicious script, which causes the script to run in the user's context. This...
PT-2025-16225 · Softcom · Softcom Iksoris Internet Starter
Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0 Description: The issue is related to Reflected XSS Cross-site Scripting attacks. An attacker can craft a link with a malicious script that gets embedded in references to other resources,...
PT-2025-16232 · Softcom · Softcom Iksoris Internet Starter
Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0 Description: The issue concerns a Reflected XSS Cross-site Scripting attack. An attacker could trick a user into filling a form designed for resetting the user's password with a maliciou...
CVE-2025-21627
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contai...
CVE-2024-12907 XSS in Kentico 7
Kentico CMS version 7 is vulnerable to Reflected XSS attacks through manipulation of a specific GET request parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this...
CVE-2024-20460
CVE-2024-20460 affects Cisco ATA 190 Series Analog Telephone Adapter firmware. It’s a reflected XSS in the web-based management interface caused by insufficient input validation; an unauthenticated remote attacker can lure a user to click a crafted link to execute script in the interface or acces...
RHEL 8 : resteasy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - RESTEasy: creation of insecure temp files CVE-2023-0482 Note that Nessus has not tested for this issue but has...
CVE-2023-24839
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
Cross site scripting
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
CVE-2023-24839 HGiga MailSherlock - Reflected XSS
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...