
19 matches found

RedhatCVE
added 2026/01/09 9:21 a.m. | 5 views

CVE-2021-41142

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and...

CVSS 5.4 | AI score 6.3 | EPSS 0.00444
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:33 a.m. | 5 views

CVE-2019-7333

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted...

CVSS 6.1 | AI score 6 | EPSS 0.00262
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-1731

Malware in sbrugna...

CVSS 6.1 | AI score 6.8 | EPSS 0.00223
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-41067

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.3 | EPSS 0.0094
Exploits: 2 | References: 4

RedhatCVE
added 2025/05/23 1:58 a.m. | 2 views

CVE-2023-47620

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the 'owner' and 'pkg' parameters. An attacker can run arbitrary JavaScript code...

CVSS 6.1 | AI score 6.1 | EPSS 0.00219
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:8 p.m. | 4 views

CVE-2020-18724

Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to execute code and perform an XSS attack while opening a contact list...

CVSS 5.4 | AI score 5.2 | EPSS 0.00877
Exploits: 2

Tenable Nessus
added 2025/04/15 12:0 a.m. | 15 views

pgAdmin < 9.2 Multiple Vulnerabilities

The version of pgAdmin installed on the remote host is prior to 9.2. It is, therefore, affected by the following vulnerabilities: - Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints;...

CVSS 9.9 | AI score 9.3 | EPSS 0.8249
Exploits: 7 | References: 4

CVE
added 2025/04/03 12:23 p.m. | 85 views

CVE-2025-2946

CVE-2025-2946 is a Cross‑Site Scripting (XSS) vulnerability in pgAdmin 4 where arbitrary HTML/JavaScript can execute in a user’s browser via query result rendering. Affected version: pgAdmin

CVSS 9.1 | AI score 7.3 | EPSS 0.00113
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/11 12:0 a.m. | 13 views

CVE-2025-25747

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristinabackup parameter in the creabackup.php endpoint...

EPSS 0.01662
Exploits: 2 | References: 2

CVE
added 2025/03/11 12:0 a.m. | 67 views

CVE-2025-25747

CVE-2025-25747: A Cross Site Scripting vulnerability in DigitalDruid HotelDruid v3.0.7 allows an attacker to execute arbitrary code and disclose sensitive information via the ripristina_backup parameter in crea_backup.php. Root cause details are not provided beyond the parameter abuse; the provid...

CVSS 5.4 | AI score 7 | EPSS 0.01662
Exploits: 2 | References: 2 | Affected Software: 1

OSV
added 2023/09/28 3:15 p.m. | 5 views

CVE-2023-43878

Rite CMS 3.0 has multiple cross-site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 1

OSV
added 2022/05/24 5:11 p.m. | 2 views

GHSA-P495-JRPQ-P66G MantisBT XSS when uploading an attachment

The projdoceditpage.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document...

CVSS 6.1 | AI score 6.3 | EPSS 0.00522
Exploits: 0 | References: 4

OSV
added 2019/09/15 2:45 p.m. | 9 views

MGASA-2019-0281 Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644). Processing maliciously crafted web content may lead to universal...

CVSS 9.3 | AI score 7.5 | EPSS 0.45572
Exploits: 7 | References: 5

Packet Storm
added 2016/06/21 12:0 a.m. | 30 views

sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent...

Exploits: 0

securityvulns
added 2013/03/11 12:0 a.m. | 46 views

HP Intelligent Management Center multiple security vulnerabilities

Cross-site scripting, code execution, information disclosure...

CVSS 10 | AI score 1.5 | EPSS 0.74878
Exploits: 15 | References: 2

securityvulns
added 2011/11/25 12:0 a.m. | 84 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Cross-site scripting, code execution, memory corruptions, information leakage...

CVSS 10 | AI score 2.6 | EPSS 0.08632
Exploits: 2 | References: 7 | Affected Software: 2

Packet Storm
added 2010/06/04 12:0 a.m. | 33 views

Gmail Checker Plus Chrome Extension Cross Site Scripting

Gmail Checker plus Chrome extension XSS extension: https://chrome.google.com/extensions/detail/mihcahmgecmbnbcchbopgniflfhgnkff advisore:http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension-xss.html Exploit available:yes So in this case "Google Mail Checker Plus" version 1.1.7...

AI score 7.4
Exploits: 0

OpenVAS
added 2008/09/24 12:0 a.m. | 7 views

Gentoo Security Advisory GLSA 200506-12 (mediawiki)

The remote host is missing updates announced in advisory GLSA 200506-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 3

OpenVAS
added 2008/09/24 12:0 a.m. | 19 views

Gentoo Security Advisory GLSA 200505-10 (phpBB)

The remote host is missing updates announced in advisory GLSA 200505-10. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

AI score 0.8
Exploits: 0