566 matches found
EUVD-2024-1196
Malicious code in bioql PyPI...
EUVD-2022-1759
Malicious code in bioql PyPI...
EUVD-2024-40459
Malicious code in bioql PyPI...
EUVD-2022-37278
Malicious code in bioql PyPI...
EUVD-2022-2122
Malicious code in bioql PyPI...
EUVD-2024-26856
Malicious code in bioql PyPI...
CVE-2025-59838 Monkeytype Vulnerable to Self-XSS on loading saved custom text
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...
CVE-2025-59838
CVE-2025-59838 describes a self-XSS vulnerability in Monkeytype prior to version 25.44.0, triggered by improper handling of user input when loading a saved custom text. The issue affects Monkeytype versions up to 25.36.0, where loading saved text could execute unintended scripts. The fixed versio...
CVE-2025-6999 WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability
An HTTP Request Smuggling CWE-444 vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting XSS attack.This issue affects Fireware OS: from 12.0 through 12.11.2...
Cloudflare Public Bug Bounty: [Variation of #1554049] 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in Access Temp Auth
A vulnerability was discovered in Cloudflare Access that could allow for unauthorized approvals within the Temporary Auth workflow. The issue was resolved after the researcher reported it to Cloudflare...
CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...
CVE-2025-54789
The CVE-2025-54789 entry relates to the Files module, specifically the File Move functionality. Versions ≤ 0.16.9 allow injection of arbitrary JavaScript, enabling Browser JavaScript execution in the user’s session. This is the underlying issue described across multiple sources (NVD, Red Hat advi...
CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...
rsmail
Extension: RSMail! Version: Old 1.22.26, 1.22.27, 1.22.28 / New 1.22.29 Update details: Versions affected 1.19.20 through 1.22.28. Self XSS allows remote authenticated attackers to inject arbitrary web script or HTML via a crafted parameter. Fixed in 1.22.29 Update URL:...
CVE-2024-43808
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin...
CVE-2024-29865
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form...
CVE-2024-21730
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CVE-2024-26481
Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter...
CVE-2024-32468
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...
CVE-2022-46904
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS...