46 matches found
CVE-2020-24594
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...
EUVD-2018-20783
Malware in sbrugna...
EUVD-2023-48082
Malicious code in bioql PyPI...
EUVD-2023-48114
Malicious code in bioql PyPI...
EUVD-2023-1273
Malicious code in bioql PyPI...
EUVD-2025-3994
Malicious code in bioql PyPI...
CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...
PT-2025-30412
Name of the Vulnerable Software and Affected Versions: ETQ Reliance CG legacy platform (affected versions not specified)
Description: A reflected cross-site scripting (XSS) issue exists within the SQLConverterServlet component. This requires user interaction, such as clicking a crafted link, and may...
CVE-2025-53397 Advantech iView Cross-site Scripting
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other...
PT-2025-25430 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 7.4.5 through 16.4.7; XWiki versions 8.2 through 16.10.4; XWiki versions 17.1.0-rc-1 and earlier
Description: The issue allows pages to gain script or programming rights when they contain a link and the target of the link is...
CVE-2024-0606
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...
CVE-2023-50732
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...
CVE-2025-30366
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently...
CVE-2025-30363
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious cod...
CVE-2025-24967 Stored XSS on Admin Panel When Deleting a User in reNgine
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...
PT-2025-5610 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.20
Description: A stored cross-site scripting (XSS) issue exists in the admin panel's user management functionality, allowing an attacker to inject malicious payloads into the username field during user creation. Thi...
CVE-2024-36819
MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee...
PT-2024-27168 · Mapos · Mapos
Name of the Vulnerable Software and Affected Versions: MAP-OS versions 4.45.0 and earlier
Description: The issue allows malicious users to insert a malicious payload into the Client Name input, resulting in unauthorized script execution on the administrator and employee dashboards when a service...
CVE-2024-26283
CVE-2024-26283 affects Firefox for iOS prior to version 123. The issue arises when opening an external URL with a custom Firefox scheme, allowing a JavaScript URI to execute unauthorized scripts on top-origin sites (cross-site scripting). Impact is described as potential unauthorized script execu...