CVE-2013-20006
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...
CVE-2015-20115
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...
D-Link Multiple Products Command Injection Vulnerability
D-Link DNS-120, etc., are products of D-Link Corporation from China. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection vulnerabilities, which stem...
Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server
CVE 2025-5548 This is the main repository where document...
CVE-2015-20115 RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...
CVE-2015-20113
CVE-2015-20113 affects RealtyScript 4.0.2 (Next Click Ventures). Connected sources confirm multiple vulnerabilities: cross-site request forgery (CSRF) and persistent cross-site scripting (XSS). The explorable impact described is that an attacker can craft a malicious page to trigger unauthorized ...
CVE-2013-20006 Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...
CVE-2013-20006
Qool CMS (notably version 2.0 RC2 per ZSL report) contains multiple persistent cross-site scripting vulnerabilities in administrative scripts. POST parameters such as title, name, email, username, link, and task are not properly sanitized before storage and return, allowing injected JavaScript to...
PT-2026-25571
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via the system.run process. An attacker can execute unintended local code as the runtime user by modifying an approved local script after...
Malicious code in @immuta/flag-providers-web (npm)
Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...
MAL-2026-1382 Malicious code in @immuta/flag-providers-web (npm)
Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...
Malicious code in @lux2/ssr-catalogue-sfcc (npm)
Package collects system info, exfiltrates data to a suspicious IP, executes shell commands, and uses pre/postinstall scripts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625e0932d70166d526fb8fa4993c8c448699203e795ad308cfe52cd784b28ff The package...
MAL-2026-1384 Malicious code in @lux2/ssr-catalogue-sfcc (npm)
Package collects system info, exfiltrates data to a suspicious IP, executes shell commands, and uses pre/postinstall scripts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625e0932d70166d526fb8fa4993c8c448699203e795ad308cfe52cd784b28ff The package...
MAL-2026-1383 Malicious code in @immuta/pxl-components (npm)
Malicious package due to data exfiltration, arbitrary command execution, and suspicious install scripts targeting dependency confusion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d86f67d7f931d0f720838a4bda33d56a54a5502b29ebe3e1094a984041b7a2 The package...
Malicious code in @immuta/pxl-components (npm)
Malicious package due to data exfiltration, arbitrary command execution, and suspicious install scripts targeting dependency confusion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d86f67d7f931d0f720838a4bda33d56a54a5502b29ebe3e1094a984041b7a2 The package...
Cisco Finesse XSS (cisco-sa-cc-xss-MrNAH5Jh)
According to its self-reported version, Cisco Finesse is affected by a cross-site scripting vulnerability in the web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user of the...
CVE-2026-2987
The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...