HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29211)

"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504424; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29211";...

CVE-2025-12229

A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-12300

A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available ...

CVE-2025-12289

A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activitystate/1/categoryid/1001. Executing manipulation of the argument categoryid can lead to...

CVE-2025-12290

CVE-2025-12290 affects Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. The vulnerability is a cross-site scripting in the file /i/359 created by manipulating the keywords argument. It is exploitable remotely, with exploitation details publicly disclose...

CVE-2025-12289

CVE-2025-12289 affects the Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. The flaw is an cross-site scripting vulnerability arising from manipulating the argument category_id in the file /Point/index/activity_state/1/category_id/1001. The issue can be...

CVE-2025-12281

A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...

EUVD-2025-36122

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

CVE-2025-12244 code-projects Simple E-Banking System register.php cross site scripting

A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed...

CVE-2025-12228

A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The...

PT-2025-41493

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.111 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP versions 2023.Q3.1 through 2023.Q3.7 Liferay Portal versions 7.4 update 35 through update 92 Liferay Portal version 7.3 update 25...

CVE-2025-11485 SourceCodester Student Grades Management System Manage Users admin.php add_user cross site scripting

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

EUVD-2008-1622

Malware in sbrugna...

EUVD-2012-1327

Malware in sbrugna...

EUVD-2012-1908

Malware in sbrugna...

CVE-2025-11332

A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...

PT-2025-40794

Name of the Vulnerable Software and Affected Versions Frappe LMS version 2.35.0 Description A flaw exists in Frappe LMS that allows for cross site scripting. This issue is related to the Course Handler component and involves manipulation of the Description argument. The attack can be carried out...

PT-2025-40807

Name of the Vulnerable Software and Affected Versions ixmaps website2017 versions prior to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0 Description A security flaw exists that allows for cross site scripting. The issue is related to the manipulation of the trid argument within an HTTP GET request...

EUVD-2025-29001

Malicious code in bioql PyPI...