CVE-2019-7168

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...

CVE-2019-7171

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

EUVD-2019-16541

Malware in sbrugna...

EUVD-2019-16543

Malware in sbrugna...

EUVD-2019-16717

Malware in sbrugna...

EUVD-2022-4895

Malicious code in bioql PyPI...

EUVD-2022-5626

Malicious code in bioql PyPI...

EUVD-2022-3361

Malicious code in bioql PyPI...

EUVD-2022-2122

Malicious code in bioql PyPI...

EUVD-2022-5299

Malicious code in bioql PyPI...

CVE-2020-10114

cPanel before 84.0.20 allows stored self-XSS via the HTML file editor SEC-535...

CVE-2019-6990

A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones=zoneImage∣=1 URI...

CVE-2019-6992

A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI...

CVE-2019-7170

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...

CVE-2025-27139 Combodo iTop vulnerable to stored self Cross-site Scripting in preferences

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue...

CVE-2024-47536 starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...

Croogo vulnerable to XSS in title field

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

GHSA-36PQ-CJH9-FV46 Croogo vulnerable to XSS in title field

A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...

Croogo vulnerable to XSS in Blog field

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...

GHSA-9F9R-W3XQ-F722 Croogo vulnerable to XSS in Blog field

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...