CVE-2021-33982
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions...
CVE-2021-22920
A vulnerability has been discovered in Citrix ADC formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway, and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a...
EUVD-2018-17248
Malware in sbrugna...
EUVD-2021-10049
Malware in sbrugna...
EUVD-2018-0142
Malware in sbrugna...
EUVD-2024-41607
Malicious code in bioql PyPI...
EUVD-2024-21335
Malicious code in bioql PyPI...
EUVD-2024-46630
Malicious code in bioql PyPI...
WordPress Uncode Core Cross-Site Scripting Vulnerability
WordPress Uncode Core is a creative multipurpose theme for the WordPress platform. WordPress Uncode Core suffers from a cross-site scripting vulnerability that stems from insufficient input sanitization and output escaping, which can be exploited by an attacker to steal user session information by...
WordPress web-cam cross-site scripting vulnerability
WordPress web-cam is a plugin that adds an instant photo-taking feature to a WordPress website by calling the user's device camera to take photos in real time. WordPress web-cam suffers from a cross-site scripting vulnerability that stems from insufficient input sanitization and escaping,...
WordPress Tournament Bracket Generator Cross-Site Scripting Vulnerability
WordPress Tournament Bracket Generator is a plugin for generating fixture maps for the knockout stages of tournaments. A cross-site scripting vulnerability exists in WordPress Tournament Bracket Generator, which stems from insufficient input sanitization and escaping, and can be exploited by an attack...
CVE-2023-36288
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via the GET configure parameter...
CVE-2021-42545
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions...
CVE-2025-46550 Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...
CVE-2024-9572
Cross-Site Scripting (XSS) vulnerability in SOPlanning 1.45, due to lack of proper validation of user input via /soplanning/www/process/groupesave.php, in the groupeid parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session detail...
PT-2023-27069 · Bdcom · Bdcom Olt P3310D-2Ac
Name of the Vulnerable Software and Affected Versions: BDCOM OLT P3310D-2AC version 10.1.0F Build 69083. Description: A cross-site scripting (XSS) vulnerability in the device web interface, specifically the Log Query page, allows attackers to execute arbitrary web scripts or HTML via a crafted paylo...
Cross-site Scripting (XSS) - Generic in zikula/core
Description: In zikula/core, a cross-site scripting vulnerability is present in the block module description field. Proof of Concept: 1. Log in to the demo account. 2. Go to blocks https://demo.ziku.la/blocks/admin/view 3. Add payload in title field and save. 4. payload = " Impact: This vulnerability is capable...
Design/Logic Flaw
FoxSash ImgHosting 1.5, according to footer information, is vulnerable to XSS attacks. The affected function is its search engine, via the search parameter to the default URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admins. By...
ImgHosting 1.5 - Cross-Site Scripting
Exploit Title: ImgHosting Image Storage System 1.5 - Cross-Site-Scripting; Date: 12-01-2018; Exploit Author: Dennis Veninga; Contact Author: d.veninga at networking4all.com; Vendor Homepage: foxsash.com; Version: 1.5; CVE-ID: CVE-2018-5479. ImgHosting – Image Storag...