EUVD-2024-55023

Malicious code in bioql PyPI...

EUVD-2021-28343

Malicious code in bioql PyPI...

CVE-2024-6429

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

CVE-2025-36000

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...

Apache Ranger Cross-Site Scripting Vulnerability (CNVD-2025-03540)

Apache Ranger is a set of architectures from the U.S.-based Apache Foundation for implementing comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...

CVE-2024-47107

IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Northern.tech CFEngine Security Breach

Northern.tech CFEngine is an IT infrastructure configuration management and automation framework. A security vulnerability exists in Northern.tech CFEngine Enterprise versions 3.6.0 through 3.18.6 and prior to 3.21.3, which stems from an injection flaw in the Web UI, Mission Portal, and results i...

UBUNTU-CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

Cross site scripting

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...

CVE-2019-16468

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVE-2019-16468

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVE-2019-16468

Adobe Experience Manager (AEM) CVE-2019-16468 is a user interface injection vulnerability affecting AEM 6.0–6.5. Exploitation could disclose sensitive information. Public sources in the connected set confirm the issue and reference APSB20-01, which documents multiple vulnerabilities and associate...

IBM Security Guardium Cross-Site Scripting Vulnerability (CNVD-2018-25401)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A cross-site scripting vulnerability exists in IBM Security Guardium...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2018-24264)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33349)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2017-15928)

IBM Jazz Reporting Service JRS is a suite of IBM USA applications for discovering cross-project reports that can be used in integration with IBM Rational CLM's Rational solution for managing all lifecycles of a development project. CLM users can access reports provided by JRS in dashboards,...