MiracleLinux 7 : firefox-128.11.0-1.0.1.el7.AXS7 (AXSA:2025-9973:18)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9973:18 advisory. firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential...

MiracleLinux 8 : firefox-128.11.0-1.el8_10.ML.1 (AXSA:2025-9974:19)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9974:19 advisory. firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential...

MiracleLinux 9 : thunderbird-128.11.0-1.el9_6.ML.1 (AXSA:2025-10532:16)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10532:16 advisory. firefox: thunderbird: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: thunderbird: Out-of-bounds access when optimizing...

MAL-2026-236 Malicious code in graponater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9bbd986bf5883f6b5b40a7061c514b13f71a27c021471595671d060b260affc3 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

CVE-2025-61674

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...

CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...

CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

PT-2026-1832

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.13 October versions prior to 4.0.12 Description October is a Content Management System CMS and web platform. A cross-site scripting XSS issue exists in October CMS backend configuration forms. A user possessing th...

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

CVE-2023-43232

A stored cross-site scripting XSS vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVE-2023-49779

Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-49117

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...

CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...

CVE-2023-49971

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

CVE-2023-49598

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-49987

A cross-site scripting XSS vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter...

CVE-2023-45737

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...

CVE-2023-31548

A stored Cross-site scripting XSS vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...