CVE-2021-41917
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data, and so achieve a Stored Cross-Site Scripting attack against the platform users and...
EUVD-2018-6683
Malware in sbrugna...
EUVD-2020-28695
Malware in sbrugna...
EUVD-2018-10339
Malware in sbrugna...
EUVD-2022-6443
Malicious code in bioql PyPI...
EUVD-2023-32570
Malicious code in bioql PyPI...
PT-2025-30330 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60 Description: A stored cross-site scripting XSS vulnerability exists in Live Helper Chat version 4.60. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Telegra...
Cross-Site Scripting (XSS)
barryvdh/laravel-translation-manager is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to incorrect input validation and sanitization of user-input data, allowing attackers to inject arbitrary HTML or JavaScript code...
Remote Code Execution (RCE)
srfeuserregister is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation and insufficient sanitization of user-supplied data, which allows attackers to inject and execute arbitrary PHP code on the server...
CVE-2020-7571
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation Cross-site Scripting Reflected vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...
Cross-site Scripting (XSS)
github.com/beego/beego is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper HTML escaping due to user-controlled data not being sanitized in the RenderForm function...
PT-2024-20717 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4; IBM Cognos Analytics versions 12.0.0 through 12.0.2 Description: The issue is related to injection attacks in application logging due to the lack of sanitization of user-provided data. This...
Mars: Reflected XSS on formaction parameter
The formaction parameter of the target application was found to contain a reflected Cross-Site Scripting XSS vulnerability. User-supplied data was reflected back without proper sanitization, allowing for the injection of malicious JavaScript code. The issue was compounded by potential cache...
Cross-site Scripting (XSS)
Concrete CMS is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to insufficient sanitization of user-supplied data, which allows an attacker to inject and execute malicious JavaScript via the Image Manipulation Library...
CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...
Client Management System 1.1 SQL Injection
Exploit Title: Client Management System 1.1 - 'Search' SQL Injection Date: 14 June 2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP Description Client...
Unspecified vulnerability in php factory Telop01
php factory Telop01 is a simple PHP program from Japan's PHP Factory that displays subtitles, news tickers and headlines in flowing characters on the home page and any page. A security vulnerability exists in Telop01 1.0.1, which stems from insufficient sanitization of user-supplied data in the...
pfSense cross-site scripting vulnerability (CNVD-2021-33242)
pfSense is a set of network firewalls based on FreeBSD Linux. A cross-site scripting vulnerability exists in pfsense version 2.5.0, which stems from not sufficiently sanitizing user-supplied data passed to the serviceswoledit.php script via the Description field. An attacker could exploit this...
CVE-2020-5905
Summary of CVE-2020-5905: In BIG-IP, the Configuration utility (TMUI) on the Network > WCCP page fails to sanitize all user-provided data before display, enabling an XSS-style attack when accessed by an authenticated administrator. Affected versions are BIG-IP 11.6.1–11.6.5.2 (per F5 advisory)...
PT-2020-4421
Name of the Vulnerable Software and Affected Versions: jQuery versions 1.0.3 through 3.4.1 Description: The issue arises from insufficient cleaning of user-provided data when passing HTML elements to jQuery's DOM manipulation methods, such as .html and .append. This can allow an attacker to execu...