CVE-2024-54451
A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...
CVE-2024-54451
Kurmi Provisioning Suite is affected by an XSS flaw in the graphicCustomization.do page. The vulnerability allows an authenticated system administrator to inject arbitrary web script or HTML through the COMPONENT_fields(htmlTitle) field, which can be rendered on other pages for all users if graph...
CVE-2024-11993
CVE-2024-11993 is a reflected cross-site scripting (XSS) vulnerability affecting Liferay Portal 7.4.0–7.4.3.38 and Liferay DXP 7.4 GA through update 38, exploitable via the Dispatch name field. The connected documents consistently describe an XSS flaw resulting from improper handling of user inpu...
CVE-2024-11993
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field...
CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
MAL-2024-12342 Malicious code in rwoka (PyPI)
Source: kam193 (601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee). The package contains highly obfuscated content that installs another obfuscated script, downloaded from a remote location, in the installation path of the...
MAL-2024-12333 Malicious code in python-bitget-api (PyPI)
Source: kam193 (cac6988c3746b27c0cc34a156657431c2a0c0c36de45c6b88a00130d30dfd66e). Importing the module starts obfuscated PowerShell code, which downloads and executes a remote script. On Windows, the script appears to just start the...
CVE-2024-54935
A Stored Cross-Site Scripting (XSS) vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...
CVE-2024-53283
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...
CVE-2024-53282
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...
Malicious code in bestcolorsever2 (PyPI)
Source: kam193 (fa4352627d3e53d9bea22f4b439c0749f5a88407f6dda914fe43ca7612c5b101). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in bestcolorsever3 (PyPI)
Source: kam193 (4870c1bbc72ff9abf86bcdb025ddf4a63c361c3bd3081db4cc812f4564e6301c). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in bettercolorstesting (PyPI)
Source: kam193 (607fc60886a9983c22c65cd01bb93585f27b0830f203f3b3b181ff12026ea036). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in calc123lorc (PyPI)
Source: kam193 (8694d9aee1895d2410aefdedcf0d8ca642301ed44085b3674a62856a4d4e42b2). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in calccc (PyPI)
Source: kam193 (66371c79f4cedb638d8d283883415c46a4bf6be25e3699fe5229bc8cd71a2f0a). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in calcnotepad (PyPI)
Source: kam193 (84ad749380bb774a5cc7da818c03f863ee2838773e46e0a5c4cff469e1647962). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in newpackagetest2024 (PyPI)
Source: kam193 (1e2e6f858089751c96fa15bde74d24a4dc6a68758e3ee4870a9c0d1f7c66d378). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...