Malicious code in pycolorom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6babcee81c12759b66be4c0a8ba33c3f0272b052a47fda31227f4a6087ba8e5b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the variableSave function of the /admin/system/variableList.do endpoint when handling the Description argument. An attacker can inject and execute arbitrary scripts in the context of a user's browser by...

CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...

CVE-2025-45286

CVE-2025-45286 : A cross-site scripting (XSS) vulnerability affects the Go-based web framework/application mccutchen httpbin version 2.17.1 . The issue allows an attacker to inject arbitrary web scripts or HTML via a crafted payload. According to the CVE metadata, the attack vector is network-bas...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /siteVar/save.do endpoint. An attacker can inject and execute arbitrary scripts by submitting crafted input to the Remark or Variable Value parameters. Details Cross-site scripting or XSS is a code...

Cross-site Scripting (XSS)

Overview trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the user's session,...

Malicious code in telegreph (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cca72e5a6a205d657e13d29aee3f5448061afd17f222f11db168ef8a20744992 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Malicious code in aiogrem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2429ae6fbbf21c43b0bb5cc9a1ed320a2b7df0433adac380ec5902508727bc98 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

CVE-2022-50802

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...

PT-2025-54249

Name of the Vulnerable Software and Affected Versions ETAP Safety Manager version 1.0.0.32 Description ETAP Safety Manager version 1.0.0.32 contains a cross-site scripting issue in the action GET parameter. This allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers c...

PT-2025-54174

Name of the Vulnerable Software and Affected Versions sunhailin12315 product-review 商品评价系统 versions up to 91ead6890b4065bb45b7602d0d73348e75cb4639 Description A security flaw exists in the sunhailin12315 product-review 商品评价系统. The issue is related to cross site scripting, which can be triggered b...

MachSol MachPanel 安全漏洞

MachSol MachPanel is a cloud automation control panel and billing platform from US-based MachSol. A security vulnerability exists in MachSol MachPanel version 8.0.32, which stems from mishandling of specially crafted PDF files and could lead to the execution of arbitrary web script or HTML...

Malicious code in telegrem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f2186dc29d07dc851d756bae0b5d080ebe5923efe6654fdb4aa9ec55bbba9b6a The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

MAL-2025-192943 Malicious code in telegrem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f2186dc29d07dc851d756bae0b5d080ebe5923efe6654fdb4aa9ec55bbba9b6a The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05127)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

RiteCMS Cross-Site Scripting Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...

CVE-2025-14412

Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-14418 pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability

pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must...