CVE-2019-25378

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...

CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...

CVE-2020-11704

An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...

Registration Magic < 4.6.0.3 - Multiple Cross-Site Scripting (XSS)

The plugin is affected by an unauthenticated Stored XSS on the Contact Form which could allow attacks against administrators viewing the submissions. As well as multiple reflected XSS...

NULL NUKE CMS 2.2 CSRF / XSS / SQL Injection / Shell Upload

NULL NUKE CMS v2.2 Multiple Vulnerabilities Vendor: nullwanton Product web page: http://sourceforge.net/projects/nullnuke/ Affected version: 2.2 and 2.1 rc3 Summary: NULL-8x3-NUKE is a fast, powerful and secure cross platform CMS for windows and Linux using base or full drive paths. Desc: NULL...