4581 matches found

NVD
added 2025/07/18 4:15 p.m., 4 views

CVE-2025-54075

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a <base> element. The tag rewrites how all subsequent relative...

CVSS 8.3, EPSS 0.00302
Exploits: 0, References: 2
Vulnrichment
added 2025/07/18 3:47 p.m., 2 views

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a <base> element. The tag rewrites how all subsequent relative...

CVSS 8.3, AI score 6.8, EPSS 0.00302
Exploits: 0, References: 2
Cvelist
added 2025/07/18 3:47 p.m., 67 views

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a <base> element. The tag rewrites how all subsequent relative...

CVSS 8.3, EPSS 0.00302
Exploits: 0, References: 2
CVE
added 2025/07/18 3:47 p.m., 15 views

CVE-2025-54075

Summary: CVE-2025-54075 affects @nuxtjs/mdc (Nuxt MDC) before version 0.17.2, where Markdown rendering allows a remote script-inclusion / stored XSS via injecting a <base> tag. The vulnerability rewrites how subsequent relative URLs are resolved, enabling loading of scripts, styles, or images from atta...

CVSS 8.3, AI score 6.4, EPSS 0.00302
Exploits: 0, References: 2
OSV
added 2025/07/18 3:47 p.m., 4 views

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a <base> element. The tag rewrites how all subsequent relative...

CVSS 8.3, AI score 6.3, EPSS 0.00302
Exploits: 0, References: 4
NVD
added 2025/07/18 10:15 a.m., 3 views

CVE-2025-50056

A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter...

CVSS 5.1, EPSS 0.00387
Exploits: 0, References: 1
CVE
added 2025/07/18 9:51 a.m., 22 views

CVE-2025-50126

CVE-2025-50126 describes a stored XSS vulnerability in RSBlog! for Joomla, affecting versions 1.11.6–1.14.5. The issue arises from improper handling of the jform[tags_text] parameter, allowing remote authenticated users to inject arbitrary web script or HTML. Multiple connected sources corroborat...

CVSS 5.3, AI score 5.2, EPSS 0.00336
Exploits: 0, References: 1
Vulnrichment
added 2025/07/18 9:51 a.m., 7 views

CVE-2025-50056 Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla

A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter...

CVSS 5.1, AI score 5.7, EPSS 0.00387
Exploits: 0, References: 1
Positive Technologies
added 2025/07/18 12:00 a.m., 1 view

PT-2025-30024 · Rsjoomla · Rsmail!

Name of the Vulnerable Software and Affected Versions: RSMail! versions 1.19.20 through 1.22.26
Description: A reflected cross-site scripting (XSS) issue exists in the RSMail! component for Joomla. The issue allows remote attackers to inject arbitrary web script or HTML via a manipulated parameter...

CVSS 5.1, AI score 5.3, EPSS 0.00387
Exploits: 0, References: 6
Positive Technologies
added 2025/07/18 12:00 a.m., 3 views

PT-2025-30053 · Unknown · @Nuxtjs/Mdc

Name of the Vulnerable Software and Affected Versions: @nuxtjs/mdc versions prior to 0.17.2
Description: A remote script-inclusion / stored cross-site scripting issue exists in @nuxtjs/mdc. A Markdown author can inject a <base> element, which rewrites how relative URLs are resolved. This allows an...

CVSS 8.3, AI score 5.9, EPSS 0.00302
Exploits: 0, References: 8
NVD
added 2025/07/16 4:15 p.m., 3 views

CVE-2025-53926

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefo...

CVSS 6.1, EPSS 0.00323
Exploits: 1, References: 1
Cvelist
added 2025/07/16 3:37 p.m., 7 views

CVE-2025-53926 Emlog has Stored Cross-site Scripting vulnerability due to error

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefo...

CVSS 6.1, EPSS 0.00323
Exploits: 1, References: 1
CNNVD
added 2025/07/16 12:00 a.m., 3 views

emlog security vulnerability

emlog is an open source, PHP and MySQL based CMS website builder from emlog. A security vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient sanitization of the keyword parameter, and could lead to a remote attacker injecting arbitrary Web scripts...

CVSS 8.2, AI score 6.7, EPSS 0.0035
Exploits: 1, References: 1
Positive Technologies
added 2025/07/16 12:00 a.m., 3 views

PT-2025-29838 · Emlog · Emlog

Name of the Vulnerable Software and Affected Versions: Emlog versions through 2.5.17
Description: Emlog is a website building system. A cross-site scripting (XSS) issue exists in versions up to and including 2.5.17, allowing remote attackers to inject arbitrary web script or HTML via the comment an...

CVSS 6.1, AI score 5, EPSS 0.00323
Exploits: 1, References: 7
OSSF Malicious Packages
added 2025/07/12 6:44 p.m., 4 views

Malicious code in crpt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d11f666afed6152d1e6e4f510ee725397a411a11ca6338fb5583dd21b400cc Importing the module starts downloading or decrypting, and then executing an executable being a wide recognized malware/Infostealer Redline family --- Category...

AI score 7.1
Exploits: 0, References: 2
NVD
added 2025/07/10 7:15 p.m., 6 views

CVE-2025-28245

Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...

CVSS 6.1, EPSS 0.00275
Exploits: 1, References: 2
BDU FSTEC
added 2025/07/07 12:00 a.m., 5 views

The vulnerability of the General HTML Support function (GHS) and the HTML embed panel in the Block Toolbar of the CKEditor editor allows attackers to execute XSS attacks.

The vulnerability of the General HTML Support function and the HTML embed panel in the Block Toolbar WYSIWYG-editor CKEditor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability may allow a malicious actor to carry out XSS attacks remotely...

CVSS 6.4, AI score 7.1, EPSS 0.00489
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2025/06/29 4:56 p.m., 4 views

MAL-2025-191748 Malicious code in hancsv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb3fdca931bea8323cd7a8c2578f6d0c0594b3ea1b30df1819830168fe90983b Importing the module triggers downloading and executing Powershell script. The script collects information about the host including e.g. startup applications a...

AI score 6.9
Exploits: 0, References: 3
RedhatCVE
added 2025/06/27 12:16 a.m., 7 views

CVE-2025-25905

Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter...

CVSS 7.1, AI score 5.6, EPSS 0.00401
Exploits: 1, References: 1
OSSF Malicious Packages
added 2025/06/09 9:48 a.m., 3 views

Malicious code in chimera-sandbox-extensions (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9b87170278a2bed3680592ca4efa2d402a56ee044fcfea4b95831e545431a794 When started, the code attempts to access multiple domains based on the generating algorithm. Once one valid is found, it downloads a script and executes it. T...

AI score 7.2
Exploits: 0, References: 2