99 matches found
EUVD-2024-55005
Malicious code in bioql PyPI...
CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers
User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...
CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers
User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...
The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
CVE-2023-38883
A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...
CVE-2019-13392
A reflected Cross-Site Scripting XSS vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that th...
The vulnerability of the E-Staff automated recruitment process system, related to errors in data filtering during object updates, allows a perpetrator to execute arbitrary JavaScript code.
The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering during object updates. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...
CVE-2024-46226
A stored cross site scripting XSS vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...
CVE-2024-46226
A stored cross site scripting XSS vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...
CVE-2025-22917
A reflected cross-site scripting XSS vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...
PT-2024-9963 · Unknown · Express Web Client
Name of the Vulnerable Software and Affected Versions: eXpress web client affected versions not specified Description: The issue is caused by insufficient protection of the web page structure in the document viewer library of the eXpress web client. This allows a remote attacker to execute...
CVE-2024-55341
CVE-2024-55341 is a stored XSS vulnerability in Piranha CMS 11.1 where an attacker can inject JavaScript by creating a page via /manager/pages and adding Markdown content. The issue originates from the /manager/pages Markdown content handling and can lead to arbitrary script execution in a user’s...
The vulnerability of the Passwork password manager, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the Passwork password manager is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
The vulnerability of the component_id and object_id parameters of the Netcat landing CMS system allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the componentid and objectid parameters in the Netcat landing CMS system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the alter_form.php function in the Netcat CMS system allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the alterform.php function in the Netcat CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...
The vulnerability of the logging module in CMS systems like Netcat allows attackers to execute arbitrary JavaScript code.
The vulnerability of the logging module in CMS systems like Netcat exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code
The vulnerability of the filemanager module in the CMS system Netcat exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the stats module in the Netcat CMS system allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the stats module in the Netcat CMS system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the CDwnBindInfo function in the mshtml.dll library of Internet Explorer allows a hacker to execute arbitrary code.
The vulnerability of the CDwnBindInfo function in the mshtml.dll library of the Internet Explorer browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code by sending a specially created HTML file...
PT-2024-5679 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection measures for the web page structure in the stats module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScri...