47 matches found
CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
EUVD-2018-20684
Malware in sbrugna...
EUVD-2017-16814
Malware in sbrugna...
EUVD-2020-29160
Malware in sbrugna...
EUVD-2023-52725
Malicious code in bioql PyPI...
EUVD-2025-22334
Malicious code in bioql PyPI...
EUVD-2025-9623
Malicious code in bioql PyPI...
EUVD-2022-51987
Malicious code in bioql PyPI...
EUVD-2021-31050
Malicious code in bioql PyPI...
CVE-2025-51863
Self Cross-Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) through 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file to the chat interface...
CVE-2025-51858
The CVE-2025-51858 entry concerns a self XSS vulnerability in ChatPlayground.ai up to 2025-05-24, exploitable via crafted SVG content sent in the chat component. Affected software is ChatPlayground.ai (chat feature) with the root cause described as SVG content in chat triggering script execution ...
CVE-2025-51858
Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24 allows attackers to execute arbitrary code and gain sensitive information via a crafted SVG file contents sent through the chat component...
Exploit for CVE-2025-51863
CVE-2025-51863 Vulnerability description ChatGPTUtil is...
CVE-2022-4663
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...
CVE-2025-27608
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608 Self Cross-Site Scripting in Arduino IDE
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608
Arduino IDE 2.x (Electron-based Theia-derived IDE) contains a Self-XSS vulnerability in the Additional Board Manager URLs field found under Preferences → Settings. In vulnerable releases prior to 2.3.5, input in this field is displayed to users via a notification tooltip without proper output enc...