14 matches found
CI4MS Cross-Site Scripting Vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean user-controlled input when creating or editing blog tags. Attackers could inject...
MAL-2025-193000 Malicious code in @vietmoney/react-native-tags-input (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4eaba1a91c6cb85d46db01b9c4e96157cdeb905c8c7d1b0d6b3dbd507a58f402 The package @vietmoney/react-native-tags-input was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: @vietmoney/react-native-tags-input is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious code in @vietmoney/react-native-tags-input (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4eaba1a91c6cb85d46db01b9c4e96157cdeb905c8c7d1b0d6b3dbd507a58f402 The package @vietmoney/react-native-tags-input was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-205932
Malicious code in @vietmoney/react-native-tags-input npm...
CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
CVE-2025-57520
A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...
CVE-2025-9823
Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the lead:addLeadTags process. An attacker can execute arbitrary JavaScript in another user's browser session by injecting malicious input into the Tags field, which is reflected in the server's response...
CVE-2025-9823
Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...
CVE-2025-9823
Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...
PT-2025-35773
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because...
DRUPAL-CONTRIB-2022-051
This module provides a widget to transform entity reference fields into a more user-friendly tags input component with a great performance. The module doesn't sufficiently check access for the add operation. Users with permission to edit content can view and reference unpublished terms. The edit...
Cross-site Scripting (XSS)
ng-tags-input is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the safeHighlight function...