20 matches found
EUVD-2025-34047
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
EUVD-2025-18374
Malicious code in bioql PyPI...
EUVD-2025-6575
Malicious code in bioql PyPI...
CVE-2025-4987
A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4992
A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-10208
An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session...
CVE-2024-10208 Cross Site Scripting vulnerability in APROL Web Portal
An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session...
CVE-2024-7938
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-8004
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-6881 Stored XSS Vulnerability
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...
GHSA-7J98-H7FP-4VWJ smarty Cross-site Scripting vulnerability in Javascript escaping
Impact: An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...
Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting Vulnerability
enteliTouch XSS alertdocument.cookie" / input type="hidden" n...
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
HTML Injection Vulnerability in Multiple EMC Products
EMC is a U.S. information storage information technology company. EMC RSA Identity Management and Governance is an enterprise-class identity management solution. An HTML injection vulnerability exists in multiple EMC products. A remote attacker with low privileges could exploit the vulnerability t...
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer...
Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)
A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the displaymode parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an...
SiT! Support Incident Tracker 3.64 XSS / CSRF / SQL Injection
Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery attacks. 1 Input passed via the "start" GET parameter to...
Traq 2.2 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB23046 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintraq.html Product: Traq Vendor: Jack Polgar http://traqproject.org/ Vulnerable Version: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: 07 September 2011 Vulnerability Type: XSS, SQL...
SiT! Support Incident Tracker 3.64 XSS / XSRF / SQL Injection
Vulnerability ID: HTB23043 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinsitsupportincidenttracker.html Product: SiT! Support Incident Tracker Vendor: The Support Incident Tracker Project http://sitracker.org/ Vulnerable Version: 3.64 and probably prior Tested Version: 3.64...
Sitebeater News System XSS vuln.
Sitebeater News System XSS vuln. Vuln. discovered by : r0t Date: 3 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/sitebeater-news-system-xss-vuln.html affected version: 4.00 and prior Product Description: News Features: mailing lists, polls, themes, attachments, search, categories,...