CVE-2025-2536

Cross-site scripting XSS vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...

PT-2025-11960

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.82 through 7.4.3.128 Liferay DXP versions 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92...

gougucms 代码注入漏洞

gougucms gougucms CMS is China's gougu gougu open source based on ThinkPHP6 + Layui + MySql to create a lightweight general-purpose back-end management framework . gougucms 4.08.18 version of the code injection vulnerability, the vulnerability stems from cross-site scripting, may lead to a remote...

PHPGurukul Human Metapneumovirus Testing Management System 代码注入漏洞

PHPGurukul Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system from PHPGurukul, Inc. A code injection vulnerability exists in version 1.0 of the PHPGurukul Human Metapneumovirus Testing Management System, which originates from cross-site scripting a...

Mercurial SCM 代码注入漏洞

Mercurial SCM is a free distributed source code control management tool from Mercurial SCM open source. A code injection vulnerability exists in Mercurial SCM version 4.5.3/71.19.145.211, which originates from cross-site scripting and could lead to a remote attacker executing arbitrary script in ...

CVE-2024-28803

Cross-site scripting XSS vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter...

Malicious code in tonetext (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c46725ad6c88079cce4f7fa4a29175fec7f78ea83344da99d0f02ac4f020fcf3 When imported, the code embedded into the exception class downloads a remote file, and runs it by importing, and attempts to cover tracks by overwriting itself...

MAL-2025-191906 Malicious code in tonetext (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c46725ad6c88079cce4f7fa4a29175fec7f78ea83344da99d0f02ac4f020fcf3 When imported, the code embedded into the exception class downloads a remote file, and runs it by importing, and attempts to cover tracks by overwriting itself...

CVE-2024-50705

Unauthenticated reflected cross-site scripting XSS vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter...

Linux Distros Unpatched Vulnerability : CVE-2024-3841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged...

WordPress Yoast SEO Plugin < 5.8.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:yoast:yoastseo"; if description...

CVE-2024-34224

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters...

Embedded Malicious Code

Overview uniapi is an A Universal API Framework. Affected versions of this package are vulnerable to Embedded Malicious Code which contains code that executes upon importing the module. This code downloads a script from a remote URL and executes it in a thread. The downloaded script collects syst...

PT-2025-5637 · Pypi · Uniapi

Name of the Vulnerable Software and Affected Versions: uniapi version 1.0.7 Description: The issue concerns code introduced in uniapi version 1.0.7 that executes upon import of the module. This code downloads a script from a remote URL and then runs the downloaded script in a thread, which harves...

uniapi version 1.0.7 contained an information harvesting script.

uniapi version 1.0.7 introduces code that would executeon import of the module and download a script from a remote URL,and would then execute the downloaded script in a thread.The downloaded script would harvest system informationand POST the information to another remote URL.This code was found ...

PT-2025-5672 · Uniapi · Uniapi

Name of the Vulnerable Software and Affected Versions: uniapi version 1.0.7 Description: The issue concerns code introduced in a specific version of the software that executes upon import of the module. This code downloads a script from a remote URL and then executes the downloaded script in a...

CVE-2025-23198

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.10.1 allow remote attackers to inject...

CVE-2024-56144 Stored XSS-LibreNMS-Display Name 2 in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.11.0 allow remote attackers to inject...

GHSA-C66P-64FJ-JMC2 LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...